Notes

History and Evolution of TeslaCrypt Ransomware Virus

TeslaCrypt is an encryption program for files that targets all Windows versions including Windows Vista, Windows XP and Windows 7. This program was released for the first time towards the close of February 2015. TeslaCrypt can infect your computer and looks for encrypted data files.



When all data files on your computer are affected, an application will be displayed with details on how to retrieve your files. The instructions will include a link that will take you to a TOR encryption service website. This site will provide information about the current ransom amount, the number of files have been encrypted, and how to pay the ransom so your files are released. The ransom amount typically starts at $500. It is payable in Bitcoins. Each customer will have a unique Bitcoin address.
Minecraft servers


Once TeslaCrypt is installed on your computer, it generates an executable that is randomly labeled in the %AppData% folder. The executable launches and searches your drive letters looking for files to encrypt. It adds an extension to the name of each supported data file it locates. The name is determined by the version of the program that has affected your system. With the release of new variants of TeslaCrypt, the program uses different file extensions for the encrypted files. TeslaCrypt currently utilizes the following extensions for encrypted files:.cccc..abc..aaa..zzz..xyz. There is a possibility that you could use the TeslaDecoder tool to decrypt your encrypted files for free of cost. It is dependent on the version of TeslaCrypt is infected.



TeslaCrypt examines every drive letter on your computer to find files to encrypt. It can scan network shares, DropBox mappings and removable drives. However, it will only target the data files on network shares in the event that you have the share assigned as an drive letter on your computer. The ransomware will not encrypt files on network shares even if you don't have the network share mapped as a drive letter. Once it has completed scanning your PC, it will erase all Shadow Volume Copies. This is done to prevent you from restoring damaged files. The title of the application displayed after encryption of your computer indicates the ransomware's version.



How TeslaCrypt is able to infect your computer



TeslaCrypt infects computers when a user browses a hacked website that runs an exploit kit and whose computer has outdated programs. Developers hack websites to distribute the malware. An exploit kit is a software program that they install. This program aims to exploit weaknesses that are present in your computer's programs. Some of the programs with vulnerabilities are typically exploited include Windows, Acrobat Reader, Adobe Flash and Java. If the exploit tool succeeds in exploiting the weaknesses on your computer, it will automatically installs and starts TeslaCrypt without your knowledge.



You should, therefore, ensure that your Windows and other programs installed are up-to-date. It will protect you from potential security issues that could lead to infection of your system with TeslaCrypt.



This ransomware was the very first to actively target data files used by PC video games. It targets game files for games such as MineCraft, Steam, World of Tanks, League of Legends and Half-life 2. Diablo, Fallout 3, Skyrim, Dragon Age, Call of Duty, RPG Maker, and many others. However, it hasn't been established if the game's targets result in increased revenue for the malware creators.



Versions of TeslaCrypt, and the file extensions that go with it.



TeslaCrypt is frequently updated to include new file extensions and encryption methods. The first version encrypts files that have the extension .ecc. In this scenario, the encrypted files aren't coupled with data files. TeslaDecoder can also be used to recover the original encryption key. If the decryption keys were zeroed out, and the key was found to be partial in key.dat it's possible. You can also find the Tesla request that was sent directly to the server along with the keys for decryption.



There is a different version that comes with encrypted extensions for files of .ecc and .ezz. One cannot recover the original decryption key without having the private key of the authors of the ransomware if the decryption was removed. The encrypted files are also not paired with the data file. Decryption key can be git from the Tesla request that is sent to the server.



For the version with extension file name .ezz and .exx, the original encryption key can't be recovered without the author's private key in the event that the decryption key was zeroed out. Files encrypted with the extension.exx are able to be linked with data files. Decryption key can also be obtained via the Tesla request to the server.



Versions with encrypted files with extensions.ccc or.abc don't use data files. The key to decrypt cannot be stored on your computer. It can only be decrypted when the victim is able to capture the key as it is being transmitted to a server. The key to decrypt can be retrieved from Tesla request to the server. It is not possible to do this with versions prior to TeslaCrypt v2.1.0.



Release of TeslaCrypt 4.0



The authors recently released TeslaCrypt4.0 sometime in March 2016. The new version has been updated to fix an issue that caused damaged files that were larger than 4GB. It also has new ransom notes, and does not make use of an extension for encrypted files. It is difficult for users to find out about TeslaCryot or what happened to their files since there is no extension. With the latest version, users will need to follow the paths outlined in the ransom notes. It is not possible to decrypt files with no extension without a key bought or Tesla's personal key. The files could be decrypted in the event that the victim captured the key as it was sent to the server during encryption.


Here's my website: https://minecraftservers.fun/