TeslaCrypt Ransomware was first seen in early 2015. Though an aged Ransomware, it was one of the strongest malware programs until it became defunct recently. Its makers unexpectedly provided the decryption key to the victims.
TeslaCrypt’s behavior has been observed to resemble that of CryptoLocker. It spreads through emails. Just like CryptoLocker, TeslaCrypt encrypts all files when it is activated. The underlying difference between the two was their targets: the former targets Windows PCs, while the latter preyed on computer games.
How Did TeslaCrypt Work?
TeslaCrypt used JavaScript attachments to infect devices. It sent a ZIP file containing a JavaScript file that acted as a downloader. As soon as the victim clicked on the attachment, the script would download the payload through the Windows Script Host, and the payload encrypted the files.
It then displayed an HTML file notifying the victim about the data encryption. This is when TeslaCrypt demanded ransom. The usual payment methods of TeslaCrypt were PayPal and Bitcoin, and the average ransom demanded was $500. If the victim failed to make the payment in the stated time, the malware program would double the amount.
TeslaCrypt’s Target Victims
TeslaCrypt, as stated above, primarily targeted computer game data such as game saves, player profiles, custom maps, recorded games, etc. Later on, it extended its reach and attacked JPEG, PDF and Word files as well.
What was Different about TeslaCrypt?
The malware program reached versions 4.0 and 4.1. It stopped adding an extension to the files it encrypted. This apparently made the decryption process tougher. It also changed its mode of transmission from exploit kits to spam emails.
TeslaCrypt Decryption Key:
Recently, out of the blue, the creators of the malware program released its universal decryption key. This key is available to all victims. Anyone can search for it and download it to decrypt TeslaCrypt-encrypted files. This is unusual behavior in the history of Ransomware. Until now, no Ransomware hackers have provided a decryption key; rather, their efforts are directed at strengthening the encryption.
Is there a new Ransomware arising in the near future?
As we have stated above, this has been unusual activity by the hackers. They have turned the situation the other way round by providing the decryption key. This could be a fresh step toward developing a new and stronger Ransomware and attacking users with it.
All this will become apparent in time. For now, we will have to wait for the cyber criminals' next move!