Notes

History And Development Of TeslaCrypt Ransomware

TeslaCrypt is a ransomware program that encrypts files that targets all Windows versions including Windows Vista, Windows XP and Windows 7. This program was released in the first time around the end of February 2015. After it has infected your PC, TeslaCrypt will search for data files and then encrypt them with AES encryption, so that you will no longer be able to open them.



When all your data files have been infected, an app will be displayed. It will provide details on how to recover them. There is a link in the instructions to connect you to the TOR Decryption Service website. The site will provide information on the current ransom amount and the number of files that have been encrypted, and the method you can use to pay to ensure that your files are released. The ransom usually starts at $500. It is payable in Bitcoins. There is a distinct Bitcoin address for each victim.



After TeslaCrypt has been installed on your computer , it will generate a randomly-labeled executable within the folder named %AppData%. The executable is launched and examines your computer's drive letters looking for files to encrypt. It adds an extension to the name of the file and then encrypts any supported data files it finds. This name is derived from the version that affected your computer. The program is now using different extensions for files to encrypt encrypted files, with the release of the latest versions of TeslaCrypt. Currently, TeslaCrypt uses the following extensions: .ccc, .abc, .aaa, .zzz, .xyz, .exx, .ezz and .ecc. There is a chance that you can use the TeslaDecoder tool to decrypt your encrypted files for free of cost. It, of course, depends on the version of TeslaCrypt that's infected your files.



TeslaCrypt examines all drive letters on your computer in order to find files that need to be encrypted. It can be used to encrypt network shares, DropBox mappings, and removable drives. It only targets network shares data files if the network share is mapped as a drive letters on your computer. If you haven't mapped the network share as a drive letter the ransomware will not encrypt the files on that network share. Once it is done scanning your computer, it will erase all Shadow Volume Copies. This is to prevent you from restoring the affected files. The version of the ransomware is identified by the application's title, which appears after encryption.



How TeslaCrypt infects your computer



TeslaCrypt is infected by computers when a user browses an untrusted website that runs an exploit kit and whose computer is running outdated software. To distribute this malware hackers hack websites. An exploit kit is a software program that they install. This tool exploits vulnerabilities in the programs on your computer. Some of the programs with vulnerabilities are typically exploited are Windows, Acrobat Reader, Adobe Flash and Java. When https://mcprofile.net/ succeeds in exploiting vulnerabilities on your computer, it will automatically installs and launches TeslaCrypt without your knowledge.



Therefore, you should ensure that you Windows and other installed programs are up-to-date. It will protect you from potential vulnerabilities that could lead to the infecting of your computer with TeslaCrypt.



This ransomware was the first to actively target data files used by PC video games. It targets game files from games like Steam, World of Tanks and League of Legends. Diablo, Fallout 3 Skyrim, Dragon Age Dragon Age, Call of Duty and RPG Maker are just a few of the games it targets. It has, however, not been ascertained whether the game's targets result in more revenue for developers of this malware.



Versions of TeslaCrypt and related file extensions



TeslaCrypt is updated regularly to include new encryption techniques and file extensions. The initial version encrypts files using the extension .ecc. The encrypted files, in this instance, are not paired with the data files. TeslaDecoder can also be used to recover the original decryption key. It is possible to do this if the key used to decrypt was zeroed out, and a partial key was found in key.dat. There is also the Tesla request sent directly to the server, along with the keys for decryption.



Another version is available with encrypted file extensions.ecc or.ezz. If the decryption key was not zeroed out, one cannot recover the original key. The encrypted files are not coupled with the data files. The Tesla request can be transmitted to the server using the decryption key.



The original encryption keys for the versions with extensions file names.ezz or.exx cannot be recovered without the authors private key. If the secret key for decryption was zeroed out, it won't be possible to retrieve the decryption keys. Encrypted files that have the extension.exx can be joined with data files. You can also request a decryption key through the Tesla server.



Versions with encrypted file extensions.ccc.,.abc..aaa..zzz, and.xyz do not use data files. The key to decrypt cannot be stored on your system. It can only be decrypted in the event the victim has captured the key in the process of being sent to the server. You can get the decryption key by contacting Tesla. This is not available for TeslaCrypt versions prior to v2.1.0.



The release of TeslaCrypt 4.0



The authors recently released TeslaCrypt4.0 sometime in March 2016. The new version fixes a glitch that corrupted files larger than 4GB. It also contains new ransom notes and does not require encryption files to be encrypted. The absence of an extension makes it difficult for users to discover the existence of TeslaCryot and what has happened to their files. With the latest version, victims will need to follow paths developed through the ransom notes. It is not possible to decrypt files without an extension without a key purchased or Tesla's personal key. If the victim takes the key as it was being sent to a server and the files are decrypted.


Website: https://mcprofile.net/