History And Evolution Of TeslaCrypt Ransomware Virus


TeslaCrypt is a file-encrypting ransomware program that targets all Windows versions, including Windows XP, Windows Vista and Windows 7. It first appeared towards the end of February 2015. Once it infects your PC, TeslaCrypt searches for data files and encrypts them with AES, so that you can no longer open them.

After your data files have been encrypted, a ransom screen is displayed with details on how to recover them. The instructions include a link to a TOR-hosted decryption service website. This site shows the current ransom amount, the number of files encrypted and how to pay the ransom so that your files are released. The ransom usually starts at $500 and is payable in Bitcoin; each victim is given their own Bitcoin address.

After TeslaCrypt is installed on your computer, it creates a randomly named executable in the %AppData% folder. This executable is launched and examines your computer's drive letters looking for files to encrypt. When it finds a supported data file, it encrypts the file and appends a new extension to the file name. Which extension is used depends on the version that infected your computer: as new versions of TeslaCrypt were released, the program switched to different extensions for encrypted files. TeslaCrypt currently uses the following extensions for encrypted files: .ccc, .abc, .aaa, .zzz and .xyz. Depending on the version of TeslaCrypt that encrypted your files, you may be able to use the TeslaDecoder tool to decrypt them free of charge.

TeslaCrypt scans every drive letter on your computer for files it can encrypt, including network shares, DropBox mappings and removable drives. It only encrypts data files on a network share if that share is mapped to a drive letter on your computer; shares that are not mapped to a drive letter are not touched. After scanning your computer, the ransomware erases all Shadow Volume Copies to prevent you from restoring the affected files. The application title displayed after encryption indicates the ransomware's version.

How TeslaCrypt infects your computer

TeslaCrypt typically infects a computer when a user running outdated programs visits a compromised website hosting an exploit kit. To distribute the malware, attackers hack websites and install an exploit kit, a software package whose purpose is to exploit vulnerabilities in the programs on your computer; Acrobat Reader and Java are just two of the programs commonly targeted. When the exploit kit succeeds in exploiting a weakness on your computer, it automatically installs and launches TeslaCrypt without your knowledge.

It is therefore important to keep Windows and all other installed programs up to date. This closes the weaknesses that could otherwise lead to a TeslaCrypt infection.

This ransomware was the first of its kind to actively target data files used by PC video games. It targets game files from platforms and titles such as Steam, World of Tanks and League of Legends; Diablo, Fallout 3, Skyrim, Dragon Age, Call of Duty and RPG Maker are just a handful of the games it targets. However, it has not been determined whether targeting gamers results in increased revenue for the malware creators.

Versions of TeslaCrypt and related file extensions



TeslaCrypt is regularly updated with new file extensions and encryption methods. The first version encrypts files with the extension .ecc. In this version the encrypted files are not paired with the data files. The TeslaDecoder tool can be used to recover the original decryption key; even if the decryption key was zeroed out, recovery is possible if a partial key is found in key.dat. The decryption key can also be found in the TeslaCrypt request sent to the server.

Another version uses the encrypted-file extensions .ecc or .ezz. If the decryption key was not zeroed out, it is impossible to retrieve the original key. The encrypted files cannot be joined with the data files. The decryption key can be obtained from the TeslaCrypt request sent to the server.

The original keys for the versions that use the extensions .ezz or .exx cannot be recovered without the author's private key. If the secret decryption key was zeroed out, it is not possible to retrieve the decryption keys. Encrypted files with the extension .exx can be joined with data files. The decryption key can also be obtained from the TeslaCrypt request to the server.

The version that uses the encrypted-file extensions .ccc, .abc, .aaa, .zzz and .xyz does not make use of data files, and the decryption key is not stored on your computer. Files can only be decrypted if the victim captured the key as it was being transmitted to the server, in which case the decryption key can be retrieved from the TeslaCrypt request to the server. This is not possible for versions after TeslaCrypt v2.1.0.

The release of TeslaCrypt 4.0

The authors released TeslaCrypt 4.0 in March 2016. A quick analysis shows that the latest version fixes a flaw that corrupted files larger than 4GB. It also includes new ransom notes and no longer appends an extension to encrypted files. Because there is no extension, it is difficult for users to learn that TeslaCrypt was involved or what happened to their files; with this version, users have to rely on the instructions in the ransom notes. Files without an extension cannot be decrypted without a purchased key or the author's private key. They can be decrypted if the victim captured the key while it was sent to the server during encryption.
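As an added illustration of the extension list given for the earlier versions and of the extension-less behaviour of version 4.0 (this is my own example script, not code from the page or from TeslaDecoder), the following Python helper walks a directory tree, counts files by the encrypted-file extensions the page lists, and additionally flags documents whose file header does not match their extension, which is the only cue left when no extension is appended. The version grouping labels, the small file-signature table and the sample directory it builds are my own assumptions and constructed data.

```python
import os
import tempfile
from collections import Counter

# Extensions the page lists for encrypted files, grouped into the version
# families it describes. The labels are an assumed grouping for reporting only.
TESLACRYPT_EXTENSIONS = {
    ".ecc": "ecc family (v1/v2)",
    ".ezz": "ezz family (v2/v3)",
    ".exx": "exx family (v3)",
    ".ccc": "ccc/abc/aaa/zzz/xyz family (v2.1+)",
    ".abc": "ccc/abc/aaa/zzz/xyz family (v2.1+)",
    ".aaa": "ccc/abc/aaa/zzz/xyz family (v2.1+)",
    ".zzz": "ccc/abc/aaa/zzz/xyz family (v2.1+)",
    ".xyz": "ccc/abc/aaa/zzz/xyz family (v2.1+)",
}

# Leading bytes of a few common document types (assumed table). Used only for
# the extension-less case: a .pdf that does not start with %PDF is suspicious.
MAGIC = {
    ".pdf": b"%PDF",
    ".docx": b"PK",
    ".xlsx": b"PK",
    ".zip": b"PK",
    ".png": b"\x89PNG",
    ".jpg": b"\xff\xd8",
}

HEADER_MISMATCH = "header mismatch (possible extension-less variant)"


def classify_name(name):
    """Return the version family for a file name with a known extension, else None."""
    ext = os.path.splitext(name)[1].lower()
    return TESLACRYPT_EXTENSIONS.get(ext)


def header_mismatch(path):
    """True if the extension has a known signature that the file content lacks."""
    ext = os.path.splitext(path)[1].lower()
    magic = MAGIC.get(ext)
    if magic is None:
        return False
    with open(path, "rb") as f:
        head = f.read(len(magic))
    return head != magic


def triage(root):
    """Walk root; return (Counter of family -> count, list of flagged paths)."""
    counts = Counter()
    flagged = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            family = classify_name(name)
            if family is None and header_mismatch(path):
                family = HEADER_MISMATCH
            if family:
                counts[family] += 1
                flagged.append(path)
    return counts, flagged


def build_sample_tree():
    """Create a constructed sample directory (not real victim data) for a dry run."""
    root = tempfile.mkdtemp(prefix="teslacrypt_triage_")
    layout = {
        "docs/report.docx.ecc": b"",                      # .ecc family
        "docs/budget.xlsx.ezz": b"",                      # .ezz family
        "photos/holiday.jpg.ccc": b"",                    # later family
        "photos/family.png.xyz": b"",                     # later family
        "docs/real.pdf": b"%PDF-1.4 constructed sample",  # intact document
        "docs/scrambled.pdf": b"\x8a\x1f\x00\x42 no pdf header",  # header mismatch
        "games/save01.sav": b"save data",                 # unknown type, ignored
    }
    for rel, data in layout.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(data)
    return root


if __name__ == "__main__":
    sample_root = build_sample_tree()
    counts, flagged = triage(sample_root)
    for family, n in sorted(counts.items()):
        print(f"{n:4d}  {family}")
    for path in flagged:
        print("  ", os.path.relpath(path, sample_root))
```

Treat the counts as a cluster signal rather than a verdict: a single file ending in .abc or .xyz may be perfectly legitimate, and the header check only covers the handful of formats in the table. Since the page notes that mapped network shares are in scope for encryption, run the triage from a clean machine against a read-only copy of the affected volumes rather than on the infected host.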