
    History and Evolution of TeslaCrypt Ransomware Virus

    TeslaCrypt is a file encryption ransomware program that targets all Windows versions including Windows Vista, Windows XP and Windows 7. This program was released for the first time towards the end of February 2015. Once it infects your PC, TeslaCrypt will search for data files and then encrypt them using AES encryption so that you will no longer be able to open them.


    When all your data files are encrypted, an application will be displayed. It will provide details on how to recover the files. The instructions will contain a link that will lead you to a TOR decryption service site. This site will provide information about the current ransom amount, how many files have been encrypted, as well as how to pay so that your files can be released. The ransom typically starts at $500. It is possible to pay it in Bitcoins. Each victim will have a unique Bitcoin address.


    Once TeslaCrypt is installed on your computer, it generates an executable with a random name within the %AppData% folder. The executable starts and scans your computer's drive letters looking for files that can be encrypted. It then appends an extension to the name of each supported data file it locates. This extension is determined by the version that affected your system. As new versions of TeslaCrypt were introduced, it used various file extensions for the encrypted files. TeslaCrypt currently utilizes the following extensions for encrypted files: .ccc, .abc, .aaa, .zzz, .xyz. You can use TeslaDecoder to decrypt encrypted files for no cost. Whether this works is, of course, dependent on the version of TeslaCrypt that has infected your files.


    It is important to note that TeslaCrypt will scan all of the drive letters on your computer to find files to encrypt. This includes network shares, DropBox mappings, and removable drives. It only targets data files on a network share if that share has been mapped as a drive letter on your computer. The ransomware will not encrypt files on a network share that is not mapped as a drive letter. After scanning your computer it will erase all Shadow Volume Copies. This is done to prevent you from restoring the affected files from them. The version of the ransomware is indicated by the application's title, which appears after encryption.


    How does your computer get infected with TeslaCrypt


    A computer can become infected with TeslaCrypt when the user visits an untrusted website running an exploit kit and the computer has outdated programs installed. The malware developers hack websites to distribute the malware. They install a special software program called an exploit kit. This kit seeks to exploit vulnerabilities found in the programs on your computer. Programs whose vulnerabilities are commonly exploited include Windows, Acrobat Reader, Adobe Flash and Java. If the exploit kit succeeds in exploiting the weaknesses on your computer, it then installs and launches TeslaCrypt without your knowledge.


    It is essential to ensure that Windows and all other programs are up to date. This will protect your computer from potential weaknesses that could lead to infection with TeslaCrypt.


    This ransomware was the first of its kind to target data files used by PC video games. It targets game files for games such as MineCraft, Steam, World of Tanks, League of Legends, Half-Life 2, Diablo, Fallout 3, Skyrim, Dragon Age, Call of Duty and RPG Maker, which are just a few of the many games it targets. However, it hasn't been determined whether targeting gamers results in increased revenue for the malware creators.


    Versions of TeslaCrypt, and the associated file extensions


    TeslaCrypt is frequently updated to incorporate new file extensions and encryption methods. The first version gives encrypted files the extension .ecc. In this case, the encrypted files are not paired with the data files. TeslaDecoder may be used to retrieve the original encryption key; this is possible if the decryption key was zeroed out and a partial key was found in key.dat. The decryption key can also be found in the Tesla request that was sent to the server.


    Another version uses the extensions .ecc and .ezz for encrypted files. When the decryption key has been removed, it is impossible to recover the original decryption key without the ransomware authors' private key. The encrypted files are not paired with the data files. The encryption key can be obtained from the Tesla request sent to the server.


    The original encryption keys for the versions with the file extensions .ezz or .exx cannot be recovered without the authors' private key. If the secret key used to decrypt the data was zeroed out, it will not be possible to retrieve the original key. The encrypted files with the extension .exx can be paired with data files. The decryption key can also be obtained from the Tesla request to the server.


    The version with the encrypted file extensions .ccc, .abc, .aaa, .zzz and .xyz does not use data files, and the decryption key is not stored on your computer. Files can only be decrypted if the victim captured the key as it was being sent to the server. The decryption key can be retrieved from the Tesla request to the server. This is not available for TeslaCrypt versions prior to v2.1.0.


    TeslaCrypt 4.0 is now available


    The authors released TeslaCrypt 4.0 in March of 2016. The new version has been updated to fix an issue that corrupted files larger than 4GB. It also has new ransom notes, and does not add an extension to encrypted files. The absence of an extension makes it hard for users to find out about TeslaCrypt and what happened to their files. The ransom notes serve as directions for victims. There is no established method to decrypt these extensionless files without a purchased decryption key or Tesla's private key. If the victim is able to capture the key while it is being transmitted to the server, the files can be decrypted.
