User description

TeslaCrypt is a file-encrypting ransomware program that targets all Windows versions, including Windows Vista, Windows XP and Windows 7. The program was first released at the end of February 2015. TeslaCrypt infects your computer and searches for data files to encrypt. Once all your data files have been encrypted, an application will be displayed that gives you information on how to recover the files. The instructions contain a link to a TOR decryption service website. The site provides information on the current ransom amount, how many files have been encrypted, and how to pay so that your files can be released. The ransom amount typically starts at $500. It is payable in Bitcoins. Each victim has their own Bitcoin address.

Once TeslaCrypt is installed on your computer, it creates a randomly named executable in the %AppData% directory. The executable is launched and starts to search the drive letters of your computer for files to encrypt. When it detects a supported data file, it encrypts it and then adds a new extension to the file's name. The extension is determined by the version of the program that has affected your computer. With the release of new variants, TeslaCrypt has used various file extensions for the encrypted files. TeslaCrypt currently uses the following extensions for encrypted files: .ccc, .abc, .aaa, .zzz, .xyz. There is a chance that you can use the TeslaDecoder tool to decrypt your encrypted files free of cost. This depends on the version of TeslaCrypt that has encrypted your files.

Note that TeslaCrypt will look through all drive letters on your computer to locate files to encrypt. This includes network shares, DropBox mappings, and removable drives. However, it only targets the files on network shares if you have the share mapped as a drive letter on your computer.
If you have not mapped the network share as a drive letter, the ransomware will not encrypt the files on that network share. After scanning your computer, the ransomware will delete all Shadow Volume Copies. It does this to stop you from restoring the affected files. The ransomware's version is indicated by the title of the application that appears after encryption.

How does your computer get infected by TeslaCrypt

TeslaCrypt can infect computers when the user visits a hacked site that hosts an exploit kit and has outdated programs on their computer. Developers hack websites to distribute this malware. They install a special software program called an exploit kit. This tool exploits weaknesses in the programs on your computer. Some of the programs whose vulnerabilities are typically exploited are Windows, Acrobat Reader, Adobe Flash and Java. Once the exploit kit has successfully exploited the vulnerabilities on your computer, it will automatically install and launch TeslaCrypt. It is crucial to ensure that Windows and all other programs are up to date. This will help you avoid weaknesses that could result in your computer being infected with TeslaCrypt.

This ransomware was the first of its kind to target data files used by PC video games. It targets game files for games like MineCraft, Steam, World of Tanks, League of Legends, Half-Life 2, Diablo, Fallout 3, Skyrim, Dragon Age, Call of Duty, RPG Maker and many more. However, it has not been determined whether targeting games increases the revenue of the malware creators.

Versions of TeslaCrypt and the file extensions associated with it

TeslaCrypt is constantly updated to include new file extensions and encryption methods. The initial version encrypts files using the extension .ecc. In this version, encrypted files aren't associated with data files. The TeslaDecoder tool can be used to recover the original encryption key; this is possible if the keys used to decrypt were zeroed out and a partial key was found in key.dat.
The decryption key could also be found in the Tesla request sent to the server.

There is another version with encrypted file extensions of .ecc and .ezz. It is impossible to recover the original decryption key without the ransomware authors' private key if the decryption key was zeroed out. The encrypted files are not joined with the data files. The Tesla request can be sent to the server with the encryption key.

The original decryption keys for the versions with the extensions .ezz or .exx cannot be recovered without the authors' private key. If the decryption key was zeroed out, it won't be possible to recover the decryption keys. Files encrypted with the extension .exx are associated with data files. Decryption keys can also be obtained from the Tesla request to the server.

Versions that encrypt files with the extensions .ccc, .abc, .aaa, .zzz, and .xyz do not use data files. The key for decryption cannot be saved on your computer. The files can only be decrypted if the victim records the key while it is being sent to a server. The encryption key can be obtained from the Tesla request to the server. This is not possible for TeslaCrypt versions before v2.1.0.

TeslaCrypt 4.0 is now available

The authors released TeslaCrypt 4.0 sometime in March 2016. A quick review indicates that the latest version corrects a bug that previously corrupted files bigger than 4GB. It also includes new ransom notes and does not use an extension for encrypted files. Because there is no extension, it is difficult for users to find out about TeslaCrypt or what happened to their files. The ransom notes will be used to create pathways for victims. There are few established ways to decrypt files without an extension, without a purchased decryption key or Tesla's private key. If the user is able to capture the key while it was being sent to an online server, the files can be decrypted.
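
A triage sketch for the indicators described above, added here as an example and not part of the original description: it counts files carrying the extensions this page lists and lists executables placed directly in %AppData%. The function names, the original-extension heuristic and the sample file names are assumptions.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

# Extensions this page lists for TeslaCrypt-encrypted files.
# TeslaCrypt 4.0 adds no extension (per the page), so this scan cannot see it.
TESLA_EXTS = {".ecc", ".ezz", ".exx", ".ccc", ".abc", ".aaa", ".zzz", ".xyz"}


def scan_tree(root):
    """Walk root; return (Counter of appended extensions, {dir: hit count})."""
    by_ext, by_dir = Counter(), Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(name)
            ext = p.suffix.lower()
            # The extension is added to the file's name, so a hit normally
            # still carries the original one (report.docx.ecc). Assumption:
            # requiring it filters benign .abc/.xyz files, at the cost of
            # missing files that had no extension before encryption.
            if ext in TESLA_EXTS and Path(p.stem).suffix:
                by_ext[ext] += 1
                by_dir[dirpath] += 1
    return by_ext, dict(by_dir)


def appdata_executables(appdata):
    """List .exe files sitting directly in the %AppData% directory."""
    return sorted(e.name for e in os.scandir(appdata)
                  if e.is_file() and e.name.lower().endswith(".exe"))


def demo():
    """Run both checks over a constructed tree (all names are made up)."""
    with tempfile.TemporaryDirectory() as tmp:
        docs = Path(tmp, "Documents")
        docs.mkdir()
        appdata = Path(tmp, "AppData", "Roaming")
        appdata.mkdir(parents=True)
        for n in ("report.docx.ecc", "save01.sav.ccc", "photo.jpg.CCC",
                  "notes.txt", "music.abc"):  # music.abc: benign look-alike
            (docs / n).write_bytes(b"constructed sample")
        (appdata / "qwkjxrt.exe").write_bytes(b"constructed sample")
        (appdata / "settings.ini").write_bytes(b"constructed sample")
        by_ext, by_dir = scan_tree(tmp)
        return dict(by_ext), list(by_dir.values()), appdata_executables(appdata)


if __name__ == "__main__":
    print(demo())
```

On a Windows host, `scan_tree` would be pointed at each mapped drive letter and `appdata_executables` at `os.environ["APPDATA"]`; an executable found there is a lead to examine, not proof of infection.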