The History And Development Of TeslaCrypt Ransomware


TeslaCrypt is a file-encrypting ransomware program that targets all Windows versions, including Windows Vista, Windows XP, Windows 7 and Windows 8. It was first released toward the end of February 2015. Once it infects a computer, TeslaCrypt searches for data files and encrypts them with AES so that they can no longer be opened.



As soon as all the data files on the computer have been encrypted, a window is displayed with instructions on how to recover the files. The instructions contain a link to the TOR Decryption Services website, which shows the current ransom amount, the number of encrypted files and how to pay the ransom so that the files can be released. The average ransom is $500, payable in Bitcoin, with a different Bitcoin address for each victim.



After TeslaCrypt is installed on the computer, it creates an executable with a random name in the %AppData% folder. The executable starts and searches the drive letters for files that can be encrypted. It then encrypts each data file it finds and appends an extension to the file name. The extension is determined by the version that infected the computer, and the latest releases of TeslaCrypt use different extensions for encrypted files. TeslaCrypt currently uses the following extensions for encrypted files: .ccc, .abc, .aaa, .zzz and .xyz. Depending on the version of TeslaCrypt that infected the files, TeslaDecoder can be used to decrypt them for free.



Be aware that TeslaCrypt scans all of the drive letters on the computer to identify files to encrypt, including network shares, DropBox mappings and removable drives. It only targets data files on a network share when that share is mapped to a drive letter on the computer; the ransomware will not encrypt files on a network share that is not mapped to a drive letter. After scanning the computer it deletes all Shadow Volume Copies, to prevent the affected files from being restored. The title of the window displayed after encryption shows the version of the ransomware.



How TeslaCrypt infects your computer



TeslaCrypt is typically delivered when a user whose computer runs outdated programs visits a compromised website that hosts an exploit kit. To distribute the malware, attackers hack websites and install an exploit kit, a software package that exploits weaknesses in the programs on the visitor's computer. Programs whose vulnerabilities are commonly exploited include Windows, Acrobat Reader, Adobe Flash and Java. Once the exploit kit has successfully exploited a vulnerability on the computer, it automatically installs and launches TeslaCrypt.



You should therefore ensure that Windows and the other installed programs are up to date. This safeguards the computer against the vulnerabilities that lead to infection by TeslaCrypt.



This ransomware was the first of its kind to target data files used by PC video games. It targets the files of games such as Steam, World of Tanks, League of Legends, Diablo, Fallout 3, Skyrim, Dragon Age, Call of Duty, RPG Maker and many more. It has not, however, been ascertained whether targeting games results in more profit for the developers of this malware.



Versions of TeslaCrypt and file extensions



TeslaCrypt is regularly updated with new encryption methods and file extensions. The first version encrypts files with the extension .ecc. In this version, the encrypted files are not associated with data files. TeslaDecoder can also be used to recover the original encryption key; this is possible if the keys used for decryption were zeroed out and a partial key was found in key.dat. The decryption keys can also be found in the Tesla request that was sent directly to the server.



There is a different version with the encrypted file extensions .ecc and .ezz. For this version the original decryption key can be obtained without the author's private key in the event that the decryption key was zeroed out. The encrypted files are also not associated with the data file. The decryption key can be obtained from the Tesla request that is sent to the server.



For the versions with the encrypted file extensions .ezz and .exx, the original decryption key cannot be obtained without the authors' private key in the event that the decryption key was zeroed out. Encrypted files with the .exx extension are associated with data files. The decryption key can also be obtained from the Tesla request to the server.



The version with the encrypted file extensions .ccc, .abc, .aaa, .zzz and .xyz does not use data files, and the decryption key is not stored on the computer. Files can only be decrypted if the victim captured the key while it was being transmitted to the server; the decryption key can then be retrieved from the Tesla request to the server. This is not available for TeslaCrypt versions prior to v2.1.0.



Release of TeslaCrypt 4.0



The developers recently released TeslaCrypt 4.0, in March. A quick analysis indicates that the latest version fixes a flaw that previously corrupted files bigger than 4GB. The version also comes with new ransom notes and does not add an extension to encrypted files. Because there is no extension, it is difficult for users to find out about TeslaCrypt or to work out what happened to their files; with the new version, users need to follow the path outlined in the ransom notes. Files without an extension cannot be decrypted without a purchased key or Tesla's private key, unless the user captured the key while it was being transmitted to the servers, in which case the files can be decrypted.
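As an added example (not the article's own tooling, nor TeslaDecoder's), a Python triage helper that applies the extension-to-version mapping listed in the versions section above and, for the extension-less TeslaCrypt 4.0 case, flags files whose leading bytes no longer match the type their name claims; the family labels and the magic-byte table are this example's assumptions.

```python
import os
from collections import Counter

# Encrypted-file extensions named in the article, keyed to the version family that used them.
# The family labels are this example's shorthand for the article's groupings, not official names.
EXT_TO_FAMILY = {".ecc": "first version (.ecc)",
                 ".ezz": ".ecc/.ezz or .ezz/.exx versions",
                 ".exx": ".ezz/.exx versions"}
EXT_TO_FAMILY.update({e: ".ccc/.abc/.aaa/.zzz/.xyz versions"
                      for e in (".ccc", ".abc", ".aaa", ".zzz", ".xyz")})

# Leading bytes expected for a few common data-file types (assumption: chosen for this example).
MAGIC = {".jpg": b"\xff\xd8\xff", ".png": b"\x89PNG\r\n\x1a\n",
         ".pdf": b"%PDF", ".docx": b"PK\x03\x04"}

def family_for(name):
    """Version family if the name carries a known TeslaCrypt extension, else None."""
    return EXT_TO_FAMILY.get(os.path.splitext(name)[1].lower())

def header_mismatch(name, head):
    """True when the extension claims a type whose leading bytes are missing. TeslaCrypt 4.0
    keeps the original file name, so a .jpg that no longer starts with JPEG bytes is the signal."""
    magic = MAGIC.get(os.path.splitext(name)[1].lower())
    return magic is not None and not head.startswith(magic)

def triage(entries):
    """entries: iterable of (path, first bytes). Returns counts per version family and the
    list of unrenamed files whose content no longer matches the type their extension claims."""
    families, possible_v4 = Counter(), []
    for path, head in entries:
        fam = family_for(path)
        if fam:
            families[fam] += 1
        elif header_mismatch(path, head):
            possible_v4.append(path)
    return {"by_family": dict(families), "possible_v4": possible_v4}

def triage_dir(root):
    """Walk a directory tree (for example a mapped drive) and triage the first 8 bytes of each file."""
    def entries():
        for d, _, files in os.walk(root):
            for f in files:
                try:
                    with open(os.path.join(d, f), "rb") as fh:
                        yield os.path.join(d, f), fh.read(8)
                except OSError:
                    continue  # unreadable file: skip rather than abort the sweep
    return triage(entries())
```

Run `triage_dir("D:/")` (or any mapped share) to get the per-family counts and the list of unrenamed files worth a closer look; a file whose extension is not in MAGIC is never flagged, so extend the table for the file types that matter in your environment.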