The History And Evolution Of TeslaCrypt Ransomware

From Bot's DB

TeslaCrypt is a file-encrypting ransomware program that targets all Windows versions, including Windows XP, Windows Vista, Windows 7 and Windows 8. It first appeared around the end of February 2015. After infecting a computer, TeslaCrypt searches for data files and encrypts them with AES so that they can no longer be opened.

Once the data files have been encrypted, an application window is displayed with instructions on how to recover the files. The instructions contain a link to the TOR Decryption Service website, which shows the current ransom amount, the number of files that have been encrypted and how to pay the ransom so that the files are released. The ransom usually starts at $500 and is paid in Bitcoin; each victim is given a unique Bitcoin address.

Once TeslaCrypt is installed on a computer, it creates an executable with a random name in the %AppData% folder. This executable runs, scans the computer's drive letters for files it can encrypt, encrypts every supported data file it finds and appends an extension to each encrypted file's name. The extension depends on the version of TeslaCrypt that infected the computer, and each new release has introduced different extensions. TeslaCrypt currently uses the following extensions for encrypted files: .ccc, .abc, .aaa, .zzz and .xyz. Depending on which version infected the computer, the TeslaDecoder tool may be able to decrypt the files free of charge.

TeslaCrypt scans every drive letter on the computer for files to encrypt, including removable drives, DropBox mappings and network shares. It only targets data files on a network share, however, if that share is mapped to a drive letter; files on a share that has not been mapped to a drive letter are not encrypted. Once the scan is complete, it deletes all Shadow Volume Copies so that the encrypted files cannot be restored from them. The version of the ransomware is indicated by the title of the application window that appears after encryption.

How TeslaCrypt affects your computer

TeslaCrypt typically infects a computer when a user whose software is out of date visits a compromised website that hosts an exploit kit. To distribute the malware, the attackers compromise websites and install an exploit kit, a software package that tries to exploit vulnerabilities in the programs on the visitor's computer. Commonly exploited programs include Windows, Acrobat Reader, Adobe Flash and Java. If the exploit kit succeeds, it installs and starts TeslaCrypt without the user's knowledge.

You should therefore make sure that Windows and the other programs installed on your computer are kept up to date. This closes the vulnerabilities that could otherwise lead to a TeslaCrypt infection.

This ransomware was the first to deliberately target data files used by PC video games. It targets files from games and platforms such as Steam, World of Tanks, League of Legends, Diablo, Fallout 3, Skyrim, Dragon Age, Call of Duty, RPG Maker and many more. It is not known, however, whether targeting game files has increased the revenue of the malware's creators.

Versions of TeslaCrypt and file extensions

TeslaCrypt is updated regularly with new encryption techniques and file extensions. The initial version encrypts files using the .ecc extension; in this version the encrypted files are not associated with data files. TeslaDecoder can recover the encryption key that was originally used, which is possible if the decryption key was zeroed out but a partial key remains in key.dat. The decryption key can also be found in the Tesla request that was sent to the server.

Another version uses the .ecc and .ezz extensions for encrypted files. If the decryption key was zeroed out, the original decryption key cannot be recovered without the author's private key. The encrypted files are not associated with data files. Decryption keys can be obtained from the Tesla request that was sent to the server.

For the versions that use the .ezz or .exx extensions, the original encryption keys cannot be recovered without the author's private key, and if the secret key used for decryption was zeroed out the keys cannot be recovered at all. Files encrypted with the .exx extension are associated with data files. The decryption key can also be obtained from the Tesla request sent to the server.

Versions with the .ccc, .abc, .aaa, .zzz and .xyz extensions do not use data files, and the decryption key is not saved on the computer. The files can only be decrypted if the victim captured the key as it was being sent to the server, in which case the encryption key can be obtained from the Tesla request to the server. This is not available for TeslaCrypt versions before v2.1.0.

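As an added triage example (not part of the original page), the script below walks a directory tree, counts files carrying the TeslaCrypt extensions listed above, sorts them into the early (.ecc/.ezz/.exx) and later (.ccc/.abc/.aaa/.zzz/.xyz) families described on this page and reports whether a key.dat file is present. The sample directory it builds is constructed data, and the family labels and verdict strings are this example's own wording.

```python
import os
import tempfile
from collections import Counter

# Extensions the page lists for encrypted files, split by whether a locally
# stored key.dat may still matter (early versions) or no key is kept locally.
EARLY_EXTS = {".ecc", ".ezz", ".exx"}
LATE_EXTS = {".ccc", ".abc", ".aaa", ".zzz", ".xyz"}


def classify(name):
    """Return 'early', 'late' or None for a file name's TeslaCrypt extension."""
    ext = os.path.splitext(name)[1].lower()
    if ext in EARLY_EXTS:
        return "early"
    if ext in LATE_EXTS:
        return "late"
    return None


def triage_tree(root):
    """Walk a directory tree and summarise TeslaCrypt extensions and key.dat."""
    counts, families, key_dat = Counter(), set(), []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() == "key.dat":  # a partial key may survive here
                key_dat.append(os.path.join(dirpath, name))
                continue
            fam = classify(name)
            if fam:
                counts[os.path.splitext(name)[1].lower()] += 1
                families.add(fam)
    # Verdict strings are this example's own wording of the page's guidance.
    if not families:
        verdict = "no TeslaCrypt extension found (4.0 adds none; check notes)"
    elif families == {"early"}:
        verdict = "early version: try TeslaDecoder against key.dat"
    else:
        verdict = "late version: no key stored locally, only the server request"
    return {"counts": dict(counts), "families": families, "key_dat": key_dat, "verdict": verdict}


def build_sample_tree():
    """Create a throwaway directory imitating a hit (constructed sample data)."""
    root = tempfile.mkdtemp(prefix="tesla_triage_")
    os.makedirs(os.path.join(root, "Documents"))
    for rel in ("Documents/report.docx.ccc", "Documents/photo.jpg.ccc",
                "Documents/budget.xlsx.abc", "Documents/notes.txt", "key.dat"):
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(b"constructed sample bytes")
    return root
```

Because TeslaCrypt 4.0 appends no extension, an empty result from this scan does not rule out an infection; the ransom notes and the application window title remain the indicators in that case.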

TeslaCrypt 4.0 is now available

The authors released TeslaCrypt 4.0 sometime in March 2016. The new version fixes a bug that corrupted files larger than 4 GB, ships new ransom notes and no longer appends an extension to encrypted files. The absence of an extension makes it harder for victims to identify TeslaCrypt and to work out what has happened to their files, so they have to follow the paths listed in the ransom notes. There is no established way to decrypt files that carry no extension without a purchased decryption key or Tesla's private key, unless the victim captured the key as it was being sent to the server, in which case the files can be decrypted.