User description

TeslaCrypt is a file-encrypting ransomware program that targets all Windows versions, including Windows Vista, Windows XP and Windows 7. It was first introduced towards the end of February 2015. After it has infected your computer, TeslaCrypt searches for data files and encrypts them with AES encryption, so that you can no longer open them.

After all your data files are encrypted, a program is displayed that gives you information on how to recover the files. The instructions contain a hyperlink to a TOR Decryption Service site. This site provides information on the current ransom amount, how many files have been encrypted, and how to make payment so that your files are released. The ransom amount typically starts at $500 and is payable in Bitcoins. Each victim is given a unique Bitcoin address.

Once TeslaCrypt is installed on your computer, it creates an executable with a random name in the %AppData% folder. The executable is launched and scans your drive letters for files that can be encrypted. When it detects a supported data file, it encrypts the file and adds a new extension to the file name. The extension depends on the version that infected your system. As new variants of TeslaCrypt have been released, the program has used various file extensions for the encrypted files. At present, TeslaCrypt uses the following extensions: .ccc, .abc, .aaa, .zzz, .xyz, .exx, .ezz and .ecc. You may be able to use the TeslaDecoder tool to decrypt your encrypted files free of charge, depending on which version of TeslaCrypt infected your computer.

TeslaCrypt scans all drive letters on your computer to find files to encrypt. This can include network shares, DropBox mappings and removable drives. However, it can only target data files on a network share when you have the share mapped as a drive letter on your computer.
The ransomware won't encrypt files on a network share if you don't have the share mapped as a drive letter. After scanning your computer it deletes all Shadow Volume Copies. This prevents you from restoring the affected files. The application title displayed after your computer has been encrypted shows the version of the ransomware.

How TeslaCrypt is able to infect your computer

TeslaCrypt can infect a computer when the user visits a hacked website that hosts an exploit kit while running outdated software. To spread this malware, the attackers hack websites and install a specific software program called an exploit kit. This tool exploits vulnerabilities in the programs on your computer. Programs whose vulnerabilities are typically exploited include Windows, Acrobat Reader, Adobe Flash and Java. Once the exploit kit has successfully exploited a vulnerability on your computer, it automatically installs and launches TeslaCrypt.

It is crucial to ensure that Windows and all other programs are up to date. This helps you avoid weaknesses that could result in your computer being infected with TeslaCrypt.

This ransomware was the first to target data files used by PC video games. The games it targets include Minecraft, Steam, World of Tanks, League of Legends, Half-Life 2, Diablo, Fallout 3, Skyrim, Dragon Age, Call of Duty and RPG Maker, to name just a handful. However, it has not been ascertained whether targeting games means increased profits for the developers of this malware.

Versions of TeslaCrypt and associated file extensions

TeslaCrypt is regularly updated to incorporate new encryption methods and file extensions. The first version encrypts files and gives them the extension .ecc. In this version, encrypted files are not paired with data files. TeslaDecoder can be used to recover the original encryption key. This is possible if the decryption key was zeroed out and a partial key was found in key.dat.
The Tesla request sent to the server also carries the decryption key.

Another version uses the encrypted file extensions .ecc or .ezz. If the key was zeroed out, the original decryption key cannot be recovered without the private key of the ransomware's authors. The encrypted files are also not paired with the data file. The Tesla request sent to the server includes the decryption key.

For the version with the file extensions .ezz and .exx, the original encryption key can't be obtained without the authors' private key if the decryption key was zeroed out. Files encrypted with the .exx extension can be paired with data files. You can also request a decryption key from the Tesla server.

The version with the encrypted file extensions .ccc, .abc, .aaa, .zzz and .xyz does not use data files, and the decryption key is not stored on your computer. The files can only be decrypted if the victim captured the key while it was being transmitted to the server. The decryption key can be retrieved from the Tesla request. This is not possible for TeslaCrypt versions after v2.1.0.

TeslaCrypt 4.0 is now available

The authors recently released TeslaCrypt 4.0, sometime in March 2016. A brief analysis shows that the new version corrects a bug that corrupted files larger than 4GB. It also includes new ransom notes and doesn't add an extension to encrypted files. Because there is no extension, it is difficult for users to find out about TeslaCrypt or what happened to their files. The ransom notes can point victims in the right direction. There are few established ways to decrypt files with no extension without a purchased decryption key or Tesla's private key. The files can be decrypted if the victim captured the key as it was being transmitted to the server during encryption.
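
The extension-to-version notes above can be turned into a quick triage check over an affected folder. This is an added example, not part of the original description or of TeslaDecoder; the `triage` function, the requirement of an inner extension, and the search for `key.dat` inside the scanned tree are assumptions made here.

```python
import os
import sys
from collections import Counter

# Extension groups and recovery notes as stated in the article above. An
# extension can sit in two groups, so it narrows the version, not pins it.
GROUPS = [
    ({".ecc"}, "first version: TeslaDecoder may recover the key if a "
               "partial key is found in key.dat"),
    ({".ecc", ".ezz"}, "authors' private key needed if the key was zeroed "
                       "out; files not paired with a data file"),
    ({".ezz", ".exx"}, "authors' private key needed if the key was zeroed "
                       "out; .exx files can be paired with data files"),
    ({".ccc", ".abc", ".aaa", ".zzz", ".xyz"},
     "no data file and no local key; only a key captured in transit helps"),
]
KNOWN = set().union(*(exts for exts, _ in GROUPS))


def triage(root):
    """Return (extension counts, candidate notes, key.dat paths) for root."""
    counts, key_files = Counter(), []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            stem, ext = os.path.splitext(name.lower())
            # Assumption: the extension is appended ("report.doc.ecc"), so
            # require an inner extension to skip unrelated .abc/.xyz files.
            if ext in KNOWN and os.path.splitext(stem)[1]:
                counts[ext] += 1
            if name.lower() == "key.dat":
                key_files.append(os.path.join(dirpath, name))
    notes = [note for exts, note in GROUPS if exts & set(counts)]
    return counts, notes, key_files


if __name__ == "__main__":
    counts, notes, key_files = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    for ext, n in counts.most_common():
        print(f"{n:6d} file(s) ending in {ext}")
    for note in notes:
        print("candidate:", note)
    for path in key_files:
        print("preserve before cleanup:", path)
    if not counts:
        print("no known extension found; TeslaCrypt 4.0 adds none, "
              "so look for ransom notes instead")
```

Run it against a copy or a read-only mount of the affected data, and keep any `key.dat` it reports before cleaning the machine.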