TeslaCrypt also know as EccKrypt is one of the ransomwares that is widely seen . It encrypts certain files and demands ransom to decrypt the files. TeslaCrypt uses AES symmetric algorithm to encrypt files. Teslacrypt 4 features RSA algorithm for encrypting data.
TeslaCrypt evolved from a ransomware targeting gamers, but this is not only a severe threat, but also one that is capable of far wider data leakage.
The first version of TeslaCrypt emerged in March 2015, then TeslaCrypt2.0 was launched in November 2015.They launched TeslaCrypt 3.0 in January 2016, and now the fourth version is out.
TeslaCrypt is spread using exploit kits such as Angler exploit kit, Neutrino exploit kit.
Using Angler, Adobe flash is exploited then it downloads TeslaCrypt as a payload.
Using Neutrino, it redirects users to malicious pages that hosts exploit files targeting various vulnerabilities. Once exploited, it delivers a Trojan downloader and executes it on the victim’s machine. Then the payload starts generating random domain names and connects to a remote server. The target machine then receives 404 error page along with a download link that delivers TeslaCrypt variant from the remote server. After execution, TeslaCrypt encrypt the files.
After encrypting the files, it renames them. Below are some of the extensions we have seen so far:
Apart from having your antivirus, following things help prevent ransomware infections.
- Back up your files.
- Apply windows and other software updates regularly.
- Avoid clicking untrusted email links or opening unsolicited email attachments.
- Disable ActiveX content in Microsoft Office applications such as Word, Excel, etc.
- Install a firewall, block Tor and I2P, and restrict to specific ports.
- Disable remote desktop connections
- Block binaries running from %APPDATA% and %TEMP% paths.