User description

TeslaCrypt is a file-encrypting ransomware program that targets all Windows versions, including Windows Vista, Windows XP and Windows 7. It was first released towards the end of February 2015. TeslaCrypt infects your computer and looks for data files to encrypt. When all data files on your computer have been encrypted, a program is displayed with details on how to retrieve your files. The instructions contain a link to a decryption service website on TOR. The site provides information on the current ransom amount, how many files have been encrypted, and how to pay so that your files can be released. The ransom amount usually starts at $500 and is payable in Bitcoins. Each victim has their own Bitcoin address.

Once TeslaCrypt is installed on your computer, it creates a randomly named executable in the %AppData% folder. The executable is launched and starts scanning the drive letters on your computer for files to encrypt. When it finds a supported data file, it encrypts it and appends a new extension to the file name. The extension depends on the version that infected your computer. With the release of new versions of TeslaCrypt, the program has used different file extensions for encrypted files. TeslaCrypt currently uses the following extensions for encrypted files: .ccc, .abc, .aaa, .zzz, .xyz. You can use TeslaDecoder to decrypt encrypted files for free, depending on which version of TeslaCrypt infected your computer.

TeslaCrypt examines every drive letter on your computer to locate files that can be encrypted. This includes network shares, DropBox mappings, and removable drives. However, it can only target data files on a network share when the share is mapped as a drive letter on your computer.
If you haven't mapped the network share as a drive letter, the ransomware won't be able to encrypt the files on that share. After scanning your computer, it deletes all Shadow Volume Copies. The ransomware does this to prevent you from restoring the affected files. The title of the application displayed after your computer has been encrypted shows the version of the ransomware.

How your computer gets infected by TeslaCrypt

A computer can be infected with TeslaCrypt when the user visits an untrusted website that runs an exploit kit and the computer is running outdated software. To distribute this malware, attackers hack websites and install a specific software tool known as an exploit kit. This tool exploits vulnerabilities in the programs on your computer. Programs whose vulnerabilities are typically exploited include Windows, Acrobat Reader, Adobe Flash and Java. Once the exploit kit has successfully exploited a vulnerability on your computer, it automatically installs and starts TeslaCrypt. It is therefore important to keep Windows and your other installed programs up to date. This protects your computer from vulnerabilities that could lead to infection with TeslaCrypt.

This ransomware was the first to actively attack data files used by PC video games. It targets game files from games such as MineCraft, Steam, World of Tanks, League of Legends, Half-life 2, Diablo, Fallout 3, Skyrim, Dragon Age, Call of Duty and RPG Maker, to name a few. It has not, however, been ascertained whether targeting games will result in increased revenue for the developers of this malware.

Versions of TeslaCrypt and associated file extensions

TeslaCrypt is regularly updated to include new encryption techniques and file extensions. The initial version encrypts files with the extension .ecc. The encrypted files, in this instance, are not paired with the data files.
TeslaDecoder can also be used to recover the original encryption key. This is possible if the decryption key was zeroed out and a partial key was found in key.dat. The decryption key can also be found in the Tesla request sent to the server.

Another version uses the encrypted file extensions .ecc or .ezz. The original decryption key cannot be recovered without the author's private key if the decryption key was zeroed out. The encrypted files are not paired with the data files. The decryption key can be obtained from the Tesla request that is sent to the server.

For the version that uses the file extensions .ezz and .exx, the original decryption key cannot be recovered without the author's private key if the decryption key was zeroed out. Encrypted files with the extension .exx can be paired with data files. You can also request a decryption key through the Tesla server.

Versions that use the encrypted file extensions .ccc, .abc, .aaa, .zzz and .xyz do not make use of data files. The decryption key is not stored on your computer. Files can only be decrypted if the victim captured the key while it was being sent to the server. The encryption key can be obtained from the Tesla request to the server. This is not available for TeslaCrypt versions before v2.1.0.

Release of TeslaCrypt 4.0

The authors released TeslaCrypt 4.0 sometime in March 2016. A brief analysis shows that the new version fixes a flaw that previously corrupted files larger than 4GB. It also includes new ransom notes and does not add an extension to encrypted files. Because there is no extension, it is difficult for users to learn about TeslaCrypt or what happened to their files. The ransom notes can be used to establish paths for victims. It is not possible to decrypt files with no extension without a purchased key or Tesla's private key. The files could be decrypted if the victim captured the key while it was transmitted to the server during encryption.
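
An incident-response triage example for the extension behaviour described above, added here and not part of the original description or of TeslaDecoder: it walks a directory tree, counts files carrying the extensions listed on this page, and records any key.dat so it can be preserved. The names triage, DATA_FILE_ERA and NO_DATA_FILE are assumptions of this example, as is the heuristic that an appended extension leaves the file's original extension visible.

```python
import os
import sys
from collections import Counter

# Extensions listed on this page, grouped by what it says about data files.
DATA_FILE_ERA = {".ecc", ".ezz", ".exx"}                 # versions discussed alongside key.dat / data files
NO_DATA_FILE = {".ccc", ".abc", ".aaa", ".zzz", ".xyz"}  # versions said to use no data file
ALL_EXT = DATA_FILE_ERA | NO_DATA_FILE


def triage(root):
    """Summarise files under root that look TeslaCrypt-encrypted.

    Files from version 4.0 carry no added extension and are not found here.
    """
    report = {
        "appended": Counter(),  # e.g. world.dat.ecc: original extension still visible
        "bare": Counter(),      # e.g. molecule.xyz: may be a legitimate file type
        "dirs": Counter(),      # appended hits per directory
        "key_dat": [],          # candidate key.dat files to preserve before cleanup
    }
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()
            if lower == "key.dat":
                report["key_dat"].append(os.path.join(dirpath, name))
                continue
            stem, ext = os.path.splitext(lower)
            if ext not in ALL_EXT:
                continue
            # Assumption: the extension is appended, so the stem keeps the original one.
            if os.path.splitext(stem)[1]:
                report["appended"][ext] += 1
                report["dirs"][dirpath] += 1
            else:
                report["bare"][ext] += 1
    hits = set(report["appended"])
    # key.dat only matters for the versions the page ties to data files.
    report["preserve_key_dat"] = bool(hits & DATA_FILE_ERA)
    # Only no-data-file extensions seen: no key material expected on disk.
    report["no_local_key"] = bool(hits) and hits <= NO_DATA_FILE
    return report


if __name__ == "__main__":
    result = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    for key, value in result.items():
        print(key, value)
```

Bare hits are reported separately because .abc and .xyz are also used by unrelated, legitimate file formats.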