Saturday, 26 March 2016

TeslaCrypt Ransomware Could Infect Your Hard Drives

A new ransomware dubbed “TeslaCrypt” is aimed specifically at PC gamers. Because it concentrates on infecting games, an infected user can no longer resume a game from where they last paused.

What is it?

TeslaCrypt has been circulating for a long time. It is ransomware that belongs to the notorious Trojan family. The malware searches for around 185 different file extensions spanning 40 PC games, including the Call of Duty (COD) series, World of Warcraft, Minecraft and World of Tanks.

How does it infect?

TeslaCrypt is mainly distributed through the Angler Exploit Kit, which ultimately infects systems that have games installed. The kit makes heavy use of vulnerable versions of Adobe Flash (CVE-2015-0311), Microsoft Silverlight and Internet Explorer.

Infection occurs when users visit malicious websites that carry TeslaCrypt as a hidden payload in the site’s iframe.

Once the visitor's system is infected, the payload triggers TeslaCrypt on it.

Impact on the System

Upon successful infection, TeslaCrypt infects the game executables and the targeted files, such as save data, player profiles, custom maps and game mods stored on the victim's hard drives.

It prevents users from accessing the game, leading to a temporary lockout. To lift the lockout, the ransomware displays a window demanding a ransom of $500, payable through the TOR network, in exchange for the decryption key. It also sets a time frame for paying the ransom. When the allotted time window closes, it refreshes, doubling the amount and setting a new time frame.

The newer versions of TeslaCrypt can encrypt files ranging from JPEG to PDF. However, TeslaCrypt does not encrypt files larger than 268 MB.

How to Get Rid of It?

A new tool called “Ransomware Rescue kit” has been released for free by a security researcher to help recover from this kind of ransomware. Once the type of ransomware has been identified, you have the option to try to decrypt files and remove the ransomware threat from the infected system with the help of the kit's removal tools.

There are other methods that could help thwart such attacks in the future, such as:

>> Keep all backup files on a separate system that is isolated from the intranet or internet.

>> Keep antivirus or anti-malware programs updated so that they automatically pick up the latest threats, which could protect you from infection.

>> It is also important to keep browsers updated so that known vulnerabilities cannot be exploited, which hinders ransomware execution in the near future.

About the Author:
Rakesh Krishnan is a Trainee Security and Professional Technology Writer. He is a Security Evangelist, passionate about Information Security and Penetration Testing. His special fields of interest include Espionage, Bitcoin Dark Web and much more.

