Menu
Attacks using TeslaCrypt ransomware intensify

Attacks using TeslaCrypt ransomware intensify

The number of daily TeslaCrypt attacks have increased nine times in two weeks

Over the past two weeks security researchers have seen a surge in attacks using a file-encrypting ransomware program called TeslaCrypt, known for targeting gamers in the past.

TeslaCrypt first appeared in March and stood out because over 50 of the 185 file types it targeted were associated with computer games and related software, including game saves, custom maps, profiles, replays and mods -- content that users might have a hard time replacing.

In April researchers from Cisco found a weakness in TeslaCrypt's encryption routine and created a tool that could decrypt files affected by some versions of the program.

Since then, the ransomware program's authors have continued to refine it and started selling it on the underground market to other cybercriminals. However, the number of attacks have stayed relatively low until late November when security researchers from Symantec observed a significant change.

Over the past two weeks the number of TeslaCrypt infection attempts detected by Symantec went up from around 200 a day to 1,800, suggesting that one cybercriminal group is ramping up its use of this malicious program.

The group's preferred method of infection is through spam emails with malicious attachments. The subject lines of these emails begin with "ID," followed by a random number and a request related to alleged invoices, successful orders or wire transfers.

Judging by these topics, the attackers are targeting businesses -- a new trend for ransomware attacks in general that's fueled by businesses being more willing to pay to recover important files.

The malicious TeslaCrypt email attachments may include the words "invoice," "doc," or "info," but they actually contain heavily obfuscated JavaScript code designed to evade antivirus detection and download the ransomware program.

If the attack is successful, the program will encrypt all files with a strong encryption algorithm and will add the .VVV extension to them. It will also drop text and HTML ransom notes that instruct victims how to access Tor-hosted sites in order to pay the ransom.

"Given that this group using TeslaCrypt has been highly active in recent weeks, businesses and consumers should be on their guard, keep their security software regularly updated, and exercise caution when opening emails from unfamiliar sources," the Symantec researchers said in a blog post. "Users should also regularly back up any files stored on their computers. If a computer is compromised with ransomware, then these files can be restored once the malware is removed from the computer."


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Featured

Slideshows

Meet the leading female front runners of the Kiwi channel

Meet the leading female front runners of the Kiwi channel

Reseller News honoured the leading female front runners of the New Zealand channel at the 2018 Women in ICT Awards (WIICTA) in Auckland. The awards honoured standout individuals across seven categories, spanning Entrepreneur; Innovation; Rising Star; Shining Star; Community; Technical and Achievement.

Meet the leading female front runners of the Kiwi channel
Meet the top performing customer-centric Microsoft channel partners

Meet the top performing customer-centric Microsoft channel partners

Microsoft honoured leading partners across the channel following a year of customer innovation and market growth in New Zealand. The 2018 Microsoft Partner Awards recognised excellence within the context of the end-user, spanning a host of emerging and established providers.

Meet the top performing customer-centric Microsoft channel partners
Reseller News launches new-look Awards at 2018 Judges’ Lunch

Reseller News launches new-look Awards at 2018 Judges’ Lunch

Introducing the Reseller News Innovation Awards, launched to the channel at the 2018 Judges’ Lunch in Auckland. With more than 70 judges now part of the voting panel, the new-look awards will reflect the changing dynamics of the channel, recognising excellence across customer value and innovation - spanning start-ups, partners, distributors and vendors.

Reseller News launches new-look Awards at 2018 Judges’ Lunch
Show Comments