What is the TeslaCrypt ransomware?
TeslaCrypt is ransomware that infects computers that have specific games installed and encrypts important files. It then extorts a ransom of $500 in exchange for the secret key needed to decrypt those files. The ransomware was first detected in August 2015, and since then it has infected, and is still infecting, many computers.
How does the TeslaCrypt ransomware infect a computer?
Most TeslaCrypt attacks involve spam emails. Attackers first send spam emails to victims and use social engineering techniques to deceive them into opening the email.
The subject line of the email may contain:
- [ID:{RANDOM NUMBER}] Would you be so kind as to tell me if the items listed in the invoice are correct?
- [ID: {RANDOM NUMBER}] Please accept our congratulations on a successful purchase and best wishes.
- [ID{RANDOM NUMBER}] Would you be nice enough to provide us with a wire transfer confirmation?
The spam emails carry attachments that may have a .zip extension but actually contain a malicious JavaScript file. When the victim opens the attachment, the malicious JavaScript code executes and infects the computer with the TeslaCrypt ransomware.
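A mail-gateway check for the delivery pattern described above, as an added example that is not part of the original article: it matches the listed subject shapes and opens ZIP attachments to look for script files. The function names, the script-extension list, the quarantine rule and the sample message are assumptions constructed for illustration.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Subject shapes listed above: "[ID:123]", "[ID: 123]" or "[ID123]", then text.
SUBJECT_RE = re.compile(r"^\s*\[ID:?\s*\d+\]\s+\S")
# Assumed blocklist: the article names JavaScript; the others are similar script types.
SCRIPT_EXTS = (".js", ".jse", ".wsf", ".vbs")

def scripts_in_zip(data: bytes) -> list[str]:
    """Return names of script files inside a ZIP archive, or [] if unreadable."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [n for n in zf.namelist() if n.lower().endswith(SCRIPT_EXTS)]
    except zipfile.BadZipFile:
        return []

def inspect_message(raw: bytes) -> dict:
    """Check a raw message for the subject pattern and zipped script attachments."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject_hit = bool(SUBJECT_RE.match(msg.get("Subject", "")))
    scripts = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        payload = part.get_payload(decode=True) or b""
        # Check the ZIP magic bytes too, so a renamed archive is still opened.
        if name.endswith(".zip") or payload[:4] == b"PK\x03\x04":
            scripts += scripts_in_zip(payload)
    # Assumed policy: a script inside an archive is enough to quarantine.
    return {"subject_hit": subject_hit, "scripts": scripts, "quarantine": bool(scripts)}

def build_sample(subject: str, inner_name: str) -> bytes:
    """Constructed test message: a ZIP attachment holding one harmless text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(inner_name, "// placeholder content, constructed sample\n")
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="invoice.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(inspect_message(build_sample("[ID:48213] Would you be so kind", "invoice_scan.js")))
```

The subject match is reported separately from the quarantine decision because subject text is easy for a sender to vary, while a script file inside an archive is the part that actually executes.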
Upon infection, the ransomware searches for files with specific extensions, mainly those used for save data, player profiles, custom maps, and game modes, and encrypts them. The newer variants of TeslaCrypt are not focused on computer games alone and can also encrypt other files, including Word, PDF, and JPEG files.
The TeslaCrypt ransomware encrypts important files with AES symmetric keys and demands a ransom of $500 worth of Bitcoin in exchange for the secret key needed to decrypt the encrypted files.
The financial gain of attackers of the TeslaCrypt ransomware
Attackers buy TeslaCrypt ransomware from the underground black market. They pay the TeslaCrypt authors …