HISTORY AND EVOLUTION OF THE TESLACRYPT RANSOMWARE



TeslaCrypt is file-encrypting ransomware that targets all Windows versions, including Windows XP, Windows Vista and Windows 7. It was first released at the end of February 2015. Once it has infected a PC, TeslaCrypt searches for data files and encrypts them with AES so that they can no longer be opened.



When all data files on the computer have been encrypted, an application window is displayed with instructions on how to recover the files. The instructions contain a link to the TOR Decryption Service website. That site shows the current ransom amount, the number of files that have been encrypted, and how to pay so that the files can be released. The ransom usually starts at $500 and is payable in Bitcoin, with a different Bitcoin address for each victim.



After TeslaCrypt is installed, it creates an executable with a random name in the %AppData% folder. That executable is launched and begins to look through the computer's drive letters for files to encrypt. It encodes every supported data file it locates and appends an extension to the file name; which extension is appended depends on the version that has infected the computer, and the latest versions of TeslaCrypt use different extensions for encrypted files than earlier ones. TeslaCrypt currently uses the following extensions for encrypted files: .ccc, .abc, .aaa, .zzz and .xyz. Depending on the version of TeslaCrypt that has infected the files, TeslaDecoder may be able to decrypt them at no cost.



Note that TeslaCrypt scans all drive letters on the computer to identify files to encrypt. This includes mapped network shares, DropBox mappings and removable drives. Data files on a network share are only targeted if the share has been mapped to a drive letter on the computer; if the network share is not mapped as a drive letter, the ransomware will not encrypt the files on it. After scanning the computer, the ransomware deletes all Shadow Volume Copies so that the affected files cannot be restored from them. The ransomware's version is indicated by the application title that appears after encryption.



How TeslaCrypt infects your computer



A computer is typically infected with TeslaCrypt when the user visits a hacked website hosting an exploit kit while running outdated software. To distribute this malware, attackers compromise websites and install a special software package called an exploit kit. The kit tries to exploit vulnerabilities in the programs on the visitor's computer; commonly exploited programs include Windows, Acrobat Reader, Adobe Flash and Java. Once the exploit kit has successfully exploited a vulnerability, it automatically installs and starts TeslaCrypt.



You should, therefore, keep Windows and all other installed programs up to date. This closes the vulnerabilities through which TeslaCrypt could infect the computer.



This ransomware was the first to actively target data files used by PC video games. It targets game files belonging to platforms and titles such as Steam, World of Tanks, League of Legends, Diablo, Fallout 3, Skyrim, Dragon Age, Call of Duty, RPG Maker and many more. However, it has not been determined whether targeting game files increases the revenue of the malware's creators.



Versions of TeslaCrypt, and the associated file extensions



TeslaCrypt is frequently updated to incorporate new file extensions and encryption methods. The first version encrypts files with the extension .ecc. In this version the encrypted files are not paired with data files. TeslaDecoder can be used to retrieve the original encryption key. If the decryption key was zeroed out and only an incomplete key remains in key.dat, recovery is still possible. The decryption key can also be found in the request TeslaCrypt sends to its server.



Another version uses the encrypted file extensions .ecc or .ezz. If the encryption key was zeroed out, the original key cannot be recovered. The encrypted files cannot be paired with the data files. The encryption key can be obtained from the request TeslaCrypt sends to its server.



For the versions that use the extensions .ezz or .exx, the original encryption keys cannot be recovered without the authors' private key. If the secret key used to decrypt the data was zeroed out, the decryption keys cannot be retrieved. Files encrypted with the extension .exx can be paired with data files. A decryption key can also be obtained from the request sent to the TeslaCrypt server.



The version with the encrypted file extensions .ccc, .abc, .aaa, .zzz and .xyz does not use data files, and the decryption key is not stored on the computer. Files can only be decrypted if the victim captures the key while it is being transmitted to the online server; that is, the decryption key can be retrieved from the request sent to the TeslaCrypt server. This is not possible for TeslaCrypt versions prior to v2.1.0.



Release of TeslaCrypt 4.0



The authors released TeslaCrypt 4.0 sometime in March 2016. The new version fixes a bug that corrupted files larger than 4 GB. It also includes new ransom notes and no longer appends an extension to encrypted files. Since there is no extension, it is difficult for users to learn that TeslaCrypt is involved or what happened to their files. With the new version, victims have to follow the path outlined in the ransom notes. There is no established method to decrypt files without an extension unless the decryption key or TeslaCrypt's private key is available. If the key is captured while it is being sent to the server, the files can be decrypted.
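The extension-per-version behaviour described above can be turned into a simple incident-triage scan. The following is an added example, not code from the original article: it walks a directory tree, counts files carrying each TeslaCrypt extension, recovers the original file type from the name in front of the suffix, and attaches the recovery hint the text gives for that version. The hint strings and the sample directory layout are constructed for the example; a 4.0 infection appends no extension and so is invisible to this kind of scan.

```python
import os
import tempfile
from collections import Counter

# Extension-to-version hints summarised from the text above (constructed
# triage notes, not the page's own code; the page contains none).
NO_KEY_ON_DISK = "v2.1+: key not stored on disk; only a captured server request helps"
EXTENSION_HINTS = {
    ".ecc": "v1: TeslaDecoder may recover the key, even from an incomplete key.dat",
    ".ezz": "v1/v2: original key needs the authors' private key or a captured request",
    ".exx": "v2: original key needs the authors' private key or a captured request",
    ".ccc": NO_KEY_ON_DISK,
    ".abc": NO_KEY_ON_DISK,
    ".aaa": NO_KEY_ON_DISK,
    ".zzz": NO_KEY_ON_DISK,
    ".xyz": NO_KEY_ON_DISK,
}


def scan_for_teslacrypt(root):
    """Walk root; return {appended_ext: {"count", "victim_types", "hint"}}.

    TeslaCrypt 4.0 appends no extension, so it cannot be found by name and
    must be triaged from the ransom notes instead.
    """
    found = {}
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            stem, ext = os.path.splitext(name)
            ext = ext.lower()
            if ext not in EXTENSION_HINTS:
                continue
            entry = found.setdefault(ext, {"count": 0, "victim_types": Counter(),
                                           "hint": EXTENSION_HINTS[ext]})
            entry["count"] += 1
            # The original data file's extension survives in front of the suffix.
            entry["victim_types"][os.path.splitext(stem)[1].lower() or "(none)"] += 1
    return found


def build_sample_tree():
    """Constructed sample layout of a hit profile (empty files, no real data)."""
    root = tempfile.mkdtemp(prefix="teslacrypt_demo_")
    for rel in ["Documents/report.docx.ecc", "Documents/notes.txt.ecc",
                "Saves/game.sav.ccc", "Pictures/holiday.jpg", "README.txt"]:
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "wb").close()
    return root


if __name__ == "__main__":
    for ext, info in sorted(scan_for_teslacrypt(build_sample_tree()).items()):
        print(ext, info["count"], dict(info["victim_types"]), "->", info["hint"])
```

On the sample tree the scan reports two .ecc files (a .docx and a .txt) and one .ccc file (a .sav), each with its version hint, while the untouched .jpg and .txt files are ignored.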


Created: 15/07/2022 00:12:41