The History And Evolution Of TeslaCrypt Ransomware

TeslaCrypt is a ransomware program that encrypts files on all Windows versions, including Windows XP, Windows Vista and Windows 7. It was first seen towards the end of February 2015. Once it infects a computer it searches the system for data files to encrypt.

Once all your data files have been encrypted, an application window is displayed with instructions on how to recover them. The instructions include a link to a decryption service site hosted on TOR, which shows the current ransom amount, the number of files that have been encrypted and how to pay so that your files are released. The average ransom is $500, payable in Bitcoin, and each victim is given a distinct Bitcoin address.

After TeslaCrypt is installed on your system, it generates a randomly named executable in the %AppData% folder. That executable is launched and begins scanning the drive letters on your computer for files to encrypt. When it finds a supported data file it encrypts it and appends a new extension to the file name; which extension is used depends on the variant that has infected your computer. The latest versions of TeslaCrypt use different extensions for encrypted files than the early ones did; at the time of writing the extensions in use are .ccc, .abc, .aaa, .zzz and .xyz. Depending on which version of TeslaCrypt infected your files, you may be able to decrypt them for free with TeslaDecoder.

TeslaCrypt examines all drive letters on your computer to locate files it can encrypt, which includes removable drives, DropBox mappings and mapped network shares. It only targets data files on a network share if that share is mapped to a drive letter on your computer; a share that is not mapped to a drive letter is not touched. Once it has finished scanning your PC, it deletes all Shadow Volume Copies so that you cannot restore the affected files from them. The version of the ransomware is shown in the title of the application window displayed after encryption.
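Two of the behaviours described above, the randomly named executable started out of %AppData% and the deletion of Shadow Volume Copies, are what a detection engineer would look for in endpoint process-creation telemetry. The script below is an added example written for this page, not code from the article or from any TeslaCrypt analysis: it scans constructed, Sysmon-style process-creation records, flags shadow-copy deletion commands, and correlates each with any executable launched from AppData shortly before it. The command lines it matches (`vssadmin delete shadows`, `wmic shadowcopy delete`, and a `Win32_ShadowCopy` `.Delete()` call from PowerShell) are the usual ways shadow copies are deleted on Windows and are an assumption; the article does not say which method TeslaCrypt uses. The log format, timestamps and paths are constructed for the demo.

```python
import re
from datetime import datetime

# Constructed, Sysmon-style process-creation records: "timestamp|image|command line".
# Only the first two '|' separate fields, so a PowerShell pipeline inside the
# command line survives intact. All timestamps and paths are invented.
SAMPLE_EVENTS = r"""
2015-03-02T10:14:01|C:\Windows\System32\notepad.exe|notepad.exe report.txt
2015-03-02T10:15:33|C:\Users\alice\AppData\Roaming\kdpxm.exe|kdpxm.exe
2015-03-02T10:17:02|C:\Windows\System32\vssadmin.exe|vssadmin.exe Delete Shadows /All /Quiet
2015-03-02T10:17:05|C:\Windows\System32\wbem\WMIC.exe|wmic shadowcopy delete
2015-03-02T10:17:08|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|powershell.exe -c "Get-WmiObject Win32_ShadowCopy | ForEach-Object { $_.Delete() }"
2015-03-02T10:18:00|C:\Windows\System32\vssadmin.exe|vssadmin list shadows
2015-03-02T11:30:00|C:\Program Files\Backup\backup.exe|backup.exe --nightly
"""

# Assumed deletion commands: the article only says TeslaCrypt erases the Shadow
# Volume Copies, not how. These are the common Windows methods.
SHADOW_DELETE_PATTERNS = [
    re.compile(r"\bvssadmin(?:\.exe)?\s+delete\s+shadows\b", re.IGNORECASE),
    re.compile(r"\bwmic(?:\.exe)?\s+shadowcopy\s+delete\b", re.IGNORECASE),
    re.compile(r"win32_shadowcopy.*\.delete\(\)", re.IGNORECASE),
]

# An executable started straight out of the user's AppData tree (the article
# says TeslaCrypt drops a randomly named .exe there).
APPDATA_EXE = re.compile(r"\\AppData\\(?:Roaming|Local)\\[^\\]+\.exe$", re.IGNORECASE)


def parse_event(line):
    """Split one record into timestamp, image path and command line."""
    ts, image, cmdline = line.split("|", 2)
    return {"ts": datetime.fromisoformat(ts), "image": image, "cmdline": cmdline}


def parse_events(log_text):
    return [parse_event(l) for l in log_text.splitlines() if l.strip()]


def is_shadow_copy_deletion(cmdline):
    return any(p.search(cmdline) for p in SHADOW_DELETE_PATTERNS)


def is_appdata_executable(image):
    return APPDATA_EXE.search(image) is not None


def find_shadow_deletions(log_text):
    """Events whose command line deletes shadow copies (listing them does not count)."""
    return [e for e in parse_events(log_text) if is_shadow_copy_deletion(e["cmdline"])]


def correlate(log_text, window_seconds=600):
    """Pair each shadow-copy deletion with AppData executables launched up to
    window_seconds before it. A deletion with such a predecessor is a far
    stronger ransomware signal than either event on its own."""
    events = parse_events(log_text)
    suspects = [e for e in events if is_appdata_executable(e["image"])]
    alerts = []
    for e in events:
        if not is_shadow_copy_deletion(e["cmdline"]):
            continue
        preceded_by = [
            s["image"] for s in suspects
            if 0 <= (e["ts"] - s["ts"]).total_seconds() <= window_seconds
        ]
        alerts.append({
            "ts": e["ts"].isoformat(),
            "cmdline": e["cmdline"],
            "preceded_by": preceded_by,
            "severity": "high" if preceded_by else "medium",
        })
    return alerts


if __name__ == "__main__":
    for a in correlate(SAMPLE_EVENTS):
        print(a["severity"], a["ts"], a["cmdline"], "<-", a["preceded_by"])
```

The deletion patterns alone will also fire on legitimate backup or storage-management tooling, which is why the correlation with a fresh AppData executable is used to raise severity rather than the bare command match.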

How your computer gets infected with TeslaCrypt

Your computer typically gets infected with TeslaCrypt when you visit a hacked website that hosts an exploit kit while running outdated software. To distribute the malware, the attackers compromise websites and install an exploit kit on them: a program that tries to exploit vulnerabilities in software on your computer, such as Adobe Acrobat Reader and Java. If the exploit kit succeeds, it downloads, installs and starts TeslaCrypt without your knowledge.

You should therefore make sure that Windows and the other programs installed on your computer are kept up to date. Patching closes the vulnerabilities these exploit kits rely on to install TeslaCrypt.

TeslaCrypt was the first ransomware to actively target data files used by PC video games, including files belonging to Steam, World of Tanks, League of Legends, Diablo, Fallout 3, Skyrim, Dragon Age, Call of Duty and RPG Maker, among others. It has not been established whether targeting game files actually increases the revenue of the malware's creators.

Versions of TeslaCrypt and file extensions

TeslaCrypt is updated frequently to incorporate new encryption techniques and file extensions. The initial version encrypts files with the extension .ecc and does not pair the encrypted files with separate data files. For this version TeslaDecoder can recover the original encryption key even when the key in key.dat was zeroed out, provided a partial key can still be found in key.dat. The request TeslaCrypt sends to its server also carries the decryption key, so a network capture of that request can recover it.

A later version uses the extensions .ecc or .ezz. If the key in key.dat was zeroed out, the original key cannot be retrieved from it. Encrypted files are not paired with data files. As before, the request sent to the server carries the encryption key, so a capture of that traffic can recover it.

For the versions that use the extensions .ezz or .exx, the original encryption keys cannot be recovered without the authors' private key; if the key in key.dat was zeroed out, the keys needed for decryption cannot be recovered from disk. Encrypted files with the .exx extension are paired with data files. Otherwise the key has to be captured from the request sent to the TeslaCrypt server, or purchased from the attackers.

Versions using the extensions .ccc, .abc, .aaa, .zzz and .xyz do not use data files, and the decryption key is not stored on your computer at all. Files can only be decrypted if the victim captured the key while it was being transmitted to the attackers' server, or by purchasing the key from the attackers. This does not apply to TeslaCrypt versions prior to v2.1.0.

The release of TeslaCrypt 4.0

The authors released TeslaCrypt 4.0 in March 2016. A brief analysis indicates that this version fixes a bug that previously corrupted files larger than 4GB, ships new ransom notes and no longer appends an extension to encrypted files. The absence of an extension makes it harder for users to realise that TeslaCrypt is present and what has happened to their files; with this version, victims have to rely on the ransom notes to find out. Files without an extension cannot be decrypted without a purchased key or the authors' private key, unless the victim captured the key while it was transmitted to the server during encryption.
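For an incident responder, the version-by-extension notes above and the missing-extension behaviour of 4.0 translate into a file-system triage step: find the encrypted files, work out which variant produced them, and catch files that kept their original name. The script below is an added example for this page, not the article's code and not part of TeslaDecoder. It groups files by the extensions listed in the version section, attaching that section's recovery notes, and for the no-extension case flags files whose leading bytes no longer match the signature expected for their extension. The magic-byte table, the directory layout and the sample file contents are constructed for the demo.

```python
import os
import tempfile

# Extension families as the article groups them, with its recovery notes.
LATER_NOTE = "later versions: no key kept on disk, only a captured or purchased key"
TESLACRYPT_EXTENSIONS = {
    ".ecc": "initial version: TeslaDecoder may recover the key from key.dat, even a partial one",
    ".ezz": ".ecc/.ezz or .ezz/.exx family: recovery depends on the key in key.dat not being zeroed out",
    ".exx": ".ezz/.exx family: needs the authors' private key, or a captured or purchased key",
    ".ccc": LATER_NOTE, ".abc": LATER_NOTE, ".aaa": LATER_NOTE, ".zzz": LATER_NOTE, ".xyz": LATER_NOTE,
}

# Standard file signatures (assumption, not from the article) used to spot files
# that kept their name but whose content was replaced by ciphertext.
MAGIC = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".gif": b"GIF8",
    ".pdf": b"%PDF",
    ".docx": b"PK\x03\x04",
    ".zip": b"PK\x03\x04",
}


def classify(path):
    """Return (verdict, detail): 'encrypted' with the variant note, 'suspect'
    when a known file type no longer starts with its signature, else 'clean'."""
    ext = os.path.splitext(path)[1].lower()
    if ext in TESLACRYPT_EXTENSIONS:
        return "encrypted", TESLACRYPT_EXTENSIONS[ext]
    if ext in MAGIC:
        with open(path, "rb") as fh:
            head = fh.read(len(MAGIC[ext]))
        if head != MAGIC[ext]:
            return "suspect", f"{ext} file lacks its signature: possible no-extension variant"
    return "clean", None


def triage(root):
    """Walk root and summarise: counts per encrypted extension, suspect paths, clean count."""
    report = {"encrypted": {}, "suspect": [], "clean": 0, "notes": {}}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            verdict, detail = classify(path)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            if verdict == "encrypted":
                ext = os.path.splitext(name)[1].lower()
                report["encrypted"][ext] = report["encrypted"].get(ext, 0) + 1
                report["notes"][ext] = detail
            elif verdict == "suspect":
                report["suspect"].append(rel)
            else:
                report["clean"] += 1
    report["suspect"].sort()  # os.walk order is not guaranteed
    return report


def build_sample_tree(root):
    """Constructed victim tree: three files with TeslaCrypt extensions, an intact
    PNG and PDF, and a PNG whose name survived but whose body was replaced."""
    files = {
        "docs/report.docx.ccc": bytes(range(64)),
        "docs/notes.txt.ccc": bytes(range(64, 128)),
        "old/thesis.pdf.ecc": bytes(range(128, 192)),
        "pics/holiday.png": MAGIC[".png"] + b"\x00" * 32,
        "pics/family.png": bytes([0x9C, 0x1E] * 20),
        "docs/invoice.pdf": MAGIC[".pdf"] + b"-1.4\n",
    }
    for rel, data in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)


def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return triage(root)


if __name__ == "__main__":
    r = demo()
    print("encrypted:", r["encrypted"])
    for ext, note in r["notes"].items():
        print(f"  {ext}: {note}")
    print("suspect (kept name, lost content):", r["suspect"])
    print("clean:", r["clean"])
```

The signature check only works for types whose header is fixed and not already compressed or random-looking; it tells you a file is no longer what its name claims, not which ransomware touched it, so treat a "suspect" hit as a lead for the ransom-note search the 4.0 section describes rather than as proof.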
