Friday, March 25, 2016

TeslaCrypt Ransomware

TeslaCrypt is ransomware that infects a computer, originally one with specific games installed, and encrypts important files. It then extorts a ransom of $500 in exchange for the secret key needed to decrypt the encrypted files.

The ransomware was first detected in August 2015 and, since then, it has infected and is still infecting many computers.

How does TeslaCrypt infect a computer?

Most TeslaCrypt attacks start with spam emails. Attackers first send spam emails to victims and use social engineering to convince the victims to open the email.

The subject line of the email may contain:

  • [ID:{RANDOM NUMBER}] Would you be so kind as to tell me if the items listed in the invoice are correct?
  • [ID: {RANDOM NUMBER}] Please accept our congratulations on a successful purchase and best wishes.
  • [ID{RANDOM NUMBER}] Would you be nice enough to provide us with a wire transfer confirmation.

The spam emails carry an attachment with a .zip extension, but the archive actually contains a malicious JavaScript file.

On opening the attachment, the malicious JavaScript code starts execution and infects the computer with TeslaCrypt ransomware.
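The attachment pattern described above (a .zip that hides a script) is exactly what a mail gateway or endpoint filter can check for before the message reaches a user. The following is an added example, not code from the original post: it inspects the member list of a zip attachment and flags script or executable members, paying special attention to double extensions such as invoice.pdf.js. The extension set and the sample archive are constructed for this illustration.

```python
import io
import zipfile

# Script-capable and executable extensions commonly smuggled inside .zip mail
# attachments. This set is an assumption for the example; tune it to your estate.
SCRIPT_EXTENSIONS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta", ".exe", ".scr"}


def suspicious_members(zip_bytes):
    """Return a list of (member_name, reason) pairs a gateway should flag.

    An attachment that claims to be a zip but is not one is itself reported,
    since that is also not what a legitimate invoice archive looks like.
    """
    findings = []
    if not zipfile.is_zipfile(io.BytesIO(zip_bytes)):
        return [("<archive>", "not a valid zip archive")]
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Judge by the final path component only, ignoring folders inside the archive.
            basename = info.filename.lower().rsplit("/", 1)[-1]
            parts = basename.split(".")
            if len(parts) < 2:
                continue  # no extension at all; nothing to judge by name
            ext = "." + parts[-1]
            if ext in SCRIPT_EXTENSIONS:
                reason = "script or executable member"
                # "invoice.pdf.js": a document-looking name hiding a script extension.
                if len(parts) >= 3:
                    reason += " with double extension"
                findings.append((info.filename, reason))
    return findings


def build_sample_attachment():
    """Constructed sample archive shaped like the one the post describes (no real malware)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("invoice_details.pdf.js", "// placeholder text standing in for a script\n")
        zf.writestr("readme.txt", "harmless text\n")
    return buf.getvalue()


if __name__ == "__main__":
    for member, reason in suspicious_members(build_sample_attachment()):
        print(f"FLAG {member}: {reason}")
```

The check is deliberately name-based so it is cheap enough to run on every inbound message; content inspection of the script itself belongs to a sandbox or antivirus layer behind it.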

Upon infection, the ransomware searches for files with a list of specific extensions, mainly those used for saved games, player profiles, custom maps and game mods, and encrypts them. Newer variants of TeslaCrypt are no longer focused on computer games only and can also encrypt files such as Word documents, PDFs and JPEGs.

TeslaCrypt encrypts these files with AES symmetric keys and demands a ransom of $500 worth of Bitcoin for the secret key needed to decrypt them.
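Once files have been encrypted, a responder needs to scope the damage: which documents are still intact and which have been overwritten with ciphertext. The following added example (not code from the original post) walks a folder and, for the document and image formats the post names, compares each file's leading bytes with the format's expected header and measures the byte entropy of the first 4 KiB. A file whose header no longer matches and whose contents look random is reported as likely encrypted. The magic-byte table, the threshold and the sample folder are constructed for this illustration.

```python
import math
import os
import random
import tempfile

# Expected leading bytes for a few formats the post names as targets.
# Assumed starting set for this example; extend with the formats you care about.
MAGIC = {
    ".pdf": b"%PDF",
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
    ".png": b"\x89PNG",
    ".docx": b"PK\x03\x04",  # OOXML documents are zip containers
}


def shannon_entropy(data):
    """Bits of entropy per byte, 0.0 for empty or single-valued input, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def assess_file(path, sample_size=4096, entropy_threshold=7.5):
    """Return (verdict, entropy) for one file.

    Entropy alone is a weak signal because compressed formats (JPEG, DOCX) are
    already high-entropy; the header check is what separates a healthy file
    from one whose contents were replaced by ciphertext.
    """
    ext = os.path.splitext(path)[1].lower()
    with open(path, "rb") as f:
        head = f.read(sample_size)
    ent = shannon_entropy(head)
    expected = MAGIC.get(ext)
    if expected is None:
        return ("unknown-format", ent)
    if head.startswith(expected):
        return ("header-ok", ent)
    if ent >= entropy_threshold:
        return ("likely-encrypted", ent)
    return ("header-mismatch", ent)


def scan_tree(root):
    """Map each file (relative to root) to its (verdict, entropy)."""
    results = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            p = os.path.join(dirpath, name)
            results[os.path.relpath(p, root)] = assess_file(p)
    return results


def build_sample_tree():
    """Constructed sample folder: one intact PDF and one 'photo' overwritten with random bytes."""
    root = tempfile.mkdtemp(prefix="ransomware_scope_demo_")
    with open(os.path.join(root, "report.pdf"), "wb") as f:
        f.write(b"%PDF-1.4\n" + b"% constructed placeholder body\n" * 50)
    # Seeded PRNG bytes stand in for ciphertext: no header, near-uniform byte distribution.
    rng = random.Random(1234)
    with open(os.path.join(root, "photo.jpg"), "wb") as f:
        f.write(bytes(rng.getrandbits(8) for _ in range(4096)))
    return root


if __name__ == "__main__":
    for rel, (verdict, ent) in sorted(scan_tree(build_sample_tree()).items()):
        print(f"{verdict:17s} entropy={ent:.2f}  {rel}")
```

Running this against a restored backup and against the affected volume side by side gives a quick, format-aware count of what was actually lost, which is more reliable than trusting the ransom note's claims.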

Financial gain of attackers of TeslaCrypt

Attackers buy TeslaCrypt from the underground black market. They pay the TeslaCrypt authors and gain access to various distribution channels such as spam botnets or exploit kits.

After that, the attackers use these channels to distribute the malware and infect computers, and once a computer is infected they extort money from the victim.

Is TeslaCrypt the same as CryptoLocker?

Though TeslaCrypt resembles CryptoLocker in function, it is quite different from CryptoLocker. TeslaCrypt shares no code with CryptoLocker and was developed quite independently. So, TeslaCrypt is not the same as CryptoLocker.


The TeslaCrypt decryption key has already been published. So, if you are already affected by TeslaCrypt, you can retrieve your files using the key.

And, we can always take a few steps to safeguard ourselves from any ransomware like TeslaCrypt:

  • Do not open email attachments if you are not very sure of the sender of the email.
  • Do not click on suspicious links.
  • Download software only from trusted sources.
  • Keep your computer protected with an up-to-date anti-malware program from a trusted source.
  • Update commonly used software with recent security patches. Most of the time, attackers infect a computer with malware by exploiting security vulnerabilities in commonly used software on the computer.
  • Take regular backups of your important files.
  • And, if you are infected with any ransomware, never ever pay the ransom to the attackers. Instead, look for a good anti-malware program to remove the ransomware and retrieve the data. Extorting money from victims is the main motivation behind these attacks, so paying the ransom only makes the problem worse.

So, be aware of the various kinds of malware and how to prevent them. And, stay safe, stay protected.


  1. Very nice, it's really an informative post. I love to have found this amazing post that is about Ransomware. I also found a Ransomware Removal Tool that really removes Petya Ransomware.

  3. Nice post and informative. I also have found Jigsaw Ransomware Removal Tool to decrypt your locked files, and also I found Ransomware Removal Tool for decrypting Petya Ransomware.

  4. Thanks to ESET, ESET TeslaCrypt Decryptor decrypts all your encrypted files for free.