Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    New TeslaCrypt's Shrewd Disguise as CryptoWall

    TeslaCrypt Ransomware Heat Map

    Security researcher Fedor Sinitsyn reported on the new TeslaCrypt V2.0. This family of ransomware is relatively new, it was first detected in February 2015. It's been dubbed the "curse" of computer gamers because it targets many game-related file types. The attackers are focusing on the U.S. and Germany. See the hotmap to the right.

    The innovation rate of TeslaCrypt is furious, lots of changes are being made, including ripping off CryptoWall's identity, which is a clear case of borrowing CryptoWall's reputation, trying to make people pay as soon as possible. The encryption scheme has been improved again and is now even more sophisticated than before. Keys are generated using the ECDH algorithm. 

    Early versions of TeslaCrypt were designed to check whether a Bitcoin payment had been successfully made on the blockchain.info site. If the payment was received, the malware reported this to the command server and received a key to decrypt the files. This scheme was vulnerable, since an expert could send a request to the C&C and get the necessary key without making a payment. This has been corrected / replaced with a completely new decryption feature.

    The TeslaCrypt family gets distributed using Exploit Kits like Angler, Sweet Orange and Nuclear. It focuses on malvertising (malicious ads on large sites like Yahoo, Drudge, CBSSports and HuffPost), paid for by stolen credit cards. This is very hard to defend against.  Here is how that works: when a victim visits an infected website, the Exploit Kit scans the victim's browser and finds vulnerabilities (usually in plugins) and installs the Trojan in the system.

    What To Do About It

    1. Backup your important files frequently. Store the backup files on write-only drives as part of the backup process. At home, you could use an external hard drive, and unplug the drive after backing up. 
    2. Immediately update your browser when new versions are released, and also update the browser plugins regularly. Try to use the minimum amount of plugins, these are often badly written. However, it's time to start using AdBlocker plugins, and filter out all the malvertising before it hits your end-user. 
    3. Scan workstations for outdated versions of third-party apps and update these ASAP. Secunia is a good tool for this. 
    4. Step all users through effective security awareness training, because ransomware also uses phishing and infected email attachments as major infection vectors.

    Check out the KnowBe4 website and find out how affordable Kevin Mitnick Security Awareness Training is, you will be pleasantly surprised:

    Get A Quote Now

     

    More details at the securelist.

     

    Return To KnowBe4 Security Blog

    Topics: Ransomware

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews