Menu
Attacks using TeslaCrypt ransomware intensify

Attacks using TeslaCrypt ransomware intensify

The number of daily TeslaCrypt attacks have increased nine times in two weeks

Over the past two weeks security researchers have seen a surge in attacks using a file-encrypting ransomware program called TeslaCrypt, known for targeting gamers in the past.

TeslaCrypt first appeared in March and stood out because over 50 of the 185 file types it targeted were associated with computer games and related software, including game saves, custom maps, profiles, replays and mods -- content that users might have a hard time replacing.

In April researchers from Cisco found a weakness in TeslaCrypt's encryption routine and created a tool that could decrypt files affected by some versions of the program.

Since then, the ransomware program's authors have continued to refine it and started selling it on the underground market to other cybercriminals. However, the number of attacks have stayed relatively low until late November when security researchers from Symantec observed a significant change.

Over the past two weeks the number of TeslaCrypt infection attempts detected by Symantec went up from around 200 a day to 1,800, suggesting that one cybercriminal group is ramping up its use of this malicious program.

The group's preferred method of infection is through spam emails with malicious attachments. The subject lines of these emails begin with "ID," followed by a random number and a request related to alleged invoices, successful orders or wire transfers.

Judging by these topics, the attackers are targeting businesses -- a new trend for ransomware attacks in general that's fueled by businesses being more willing to pay to recover important files.

The malicious TeslaCrypt email attachments may include the words "invoice," "doc," or "info," but they actually contain heavily obfuscated JavaScript code designed to evade antivirus detection and download the ransomware program.

If the attack is successful, the program will encrypt all files with a strong encryption algorithm and will add the .VVV extension to them. It will also drop text and HTML ransom notes that instruct victims how to access Tor-hosted sites in order to pay the ransom.

"Given that this group using TeslaCrypt has been highly active in recent weeks, businesses and consumers should be on their guard, keep their security software regularly updated, and exercise caution when opening emails from unfamiliar sources," the Symantec researchers said in a blog post. "Users should also regularly back up any files stored on their computers. If a computer is compromised with ransomware, then these files can be restored once the malware is removed from the computer."


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Events

Why experience is the new battleground for partners

Join us for an exclusive webinar, in association with Hewlett Packard Enterprise and Technology Services Industry Association (TSIA) and learn about the latest industry insights and how technology services continue to evolve to deliver differentiated value, and how partners can be successful in 2021 and beyond.

Featured

Slideshows

Channel kicks 2021 into gear as After Hours returns to Auckland

Channel kicks 2021 into gear as After Hours returns to Auckland

After Hours made a welcome return to the channel social calendar with a bumper crowd of partners, distributors and vendors descending on The Pantry at Park Hyatt in Auckland to kick-start 2021.

Channel kicks 2021 into gear as After Hours returns to Auckland
The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards

Hundreds of leaders from the New Zealand IT industry gathered at the Hilton in Auckland on 17 November to celebrate the finest female talent in the Kiwi channel and recognise the winners of the Reseller News Women in ICT Awards (WIICTA) 2020.

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards
Leading female front runners honoured at the 2020 Reseller News Women in ICT Awards

Leading female front runners honoured at the 2020 Reseller News Women in ICT Awards

The leading female front runners of the New Zealand ICT industry joined together for the annual Reseller News Women in ICT Awards event at the Hilton in Auckland, during which hundreds of guests celebrated 13 outstanding individuals who won awards, chosen from more than 50 finalists representing over 30 organisations.

Leading female front runners honoured at the 2020 Reseller News Women in ICT Awards
Show Comments