Security Awareness Training Blog

    Major TeslaCrypt Ransomware Offensive Underway

    TeslaCrypt Phishing Email HeaderThis month, Symantec researchers reported a boost in TeslaCrypt attacks, going from 200 a day to 1,800. 

    TeslaCrypt first appeared in March 2015, and differentiated itself because many of the 185 file types it targeted were associated with computer games and -- content that users would have a hard time replacing.

    As is common with new strains of ransomware, initially security researchers found a weakness in TeslaCrypt's encryption routine and created a tool that could decrypt files affected by some versions of the program. However, the developers went back to the drawing board and came up with new, improved versions which they started selling on the underground market to other cybercriminals.

    The number of attacks have stayed relatively low until late November when the number of TeslaCrypt infection attempts detected by Symantec went up dramatically, suggesting that one cybercriminal group is ramping up its use of this malicious program.

     

    TeslaCrypt Ransomware Detections

    Much of the current wave of TeslaCrypt attacks involves spam emails using a range of social engineering techniques to lure the recipient into opening them. Examples of the subject lines used in these emails include:

    • [ID:<random number>] Would you be so kind as to tell me if the items listed in the invoice are correct?
    • [ID: <random number>] Please accept our congratulations on a successful purchase and best wishes.
    • [ID<random number>] Would you be nice enough to provide us with a wire transfer confirmation.

    The TeslaCrypt email attachments can include the words "invoice," "doc," or "info," but in reality they contain heavily obfuscated JavaScript code designed to evade antivirus detection and download the ransomware program.

    If the attack is successful, the program will encrypt all files with a strong encryption algorithm and will add the .VVV extension to them. It will also drop text and HTML ransom notes that instruct victims how to access Tor-hosted sites in order to pay the ransom.

    "Given that this group using TeslaCrypt has been highly active in recent weeks, businesses and consumers should be on their guard, keep their security software regularly updated, and exercise caution when opening emails from unfamiliar sources," the Symantec researchers said in a blog post. "Users should also regularly back up any files stored on their computers. If a computer is compromised with ransomware, then these files can be restored once the malware is removed from the computer.

    TeslaCrypt infections can be prevented with effective security awareness training. Find out how affordable that is for your organization and be pleasantly surprised!

    Get A Quote Now  

     

    Return To KnowBe4 Security Blog

    Topics: Ransomware

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe To Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews