TeslaCrypt Ransomware

TeslaCrypt is a file encryptor Trojan that targets data related to video gaming applications and modifies the files to be unusable. After its attack, TeslaCrypt generates multiple decryption instructions, which TeslaCrypt uses to force its victims to pay a fee for the restoration of all affected data. In spite of the unusual choice of targets, TeslaCrypt can be hindered by all the usual security procedures malware experts encourage against all file encryptors. Naturally, removing TeslaCrypt infections from any PC can (and should) use industry-standardized anti-malware solutions.

When a Trojan Shoves Your Gaming Life into a Crypt

TeslaCrypt, a suspected upgrade or spinoff of the CryptoWall Ransomware, is a Trojan that generates profit from modifying prominent types of files with an AES encryption function. This feature prevents them from being opened until the process can be reversed (or 'decrypted'). Although this attack is a standard Trojan payload, TeslaCrypt has quickly gained some minor notoriety from specializing in files related to various gaming programs. Games targeted by TeslaCrypt may include ones as massive as World of Warcraft or Call of Duty, down to relatively niche titles, such as RPG Maker or DayZ.

Malware experts also see potential in TeslaCrypt for encrypting files unrelated to games, such as JPG images or Notepad TXT files. However, specialized formats specific to gaming programs, such as DayZ's profiles, also may be included. Unusually, many of the games in TeslaCrypt's list are non-local in terms of data storage, meaning that is no permanent harm to your game account. However, TeslaCrypt also implements a simple form of Windows lockdown during its encryption and corresponding ransom attempt.

TeslaCrypt deletes Shadow Volume Copies and other data used to revert the state of your PC in the event of your invoking a System Restore Point. TeslaCrypt also generates a pop-up window, a desktop wallpaper and an additional, redundant text file, all of which contain instructions on how to recover your encrypted files.

TeslaCrypt's instructions request a surprisingly large payment (between five hundred or one thousand USD, depending on whether the victim uses BitCoin or PayPal) fee in return for its decrypting of your data. TeslaCrypt also provides a well-supported interface for instant messaging its creators and, like some versions of Cryptowall, a 'sample' decryption service that works for a single file.

Breathing TeslaCrypt's Files Back to Life

TeslaCrypt may make the unusual concession of proving that TeslaCrypt can decrypt the above files, but malware researchers would advise you to take advantage of cheaper methods of restoring your files than paying the people behind TeslaCrypt. Remote backups can store your information out of reach of any file-encrypting attacks TeslaCrypt is capable of implementing, and you can reinstall non-local games (such as MMORPGs) once you've uninstalled TeslaCrypt. Deleting TeslaCrypt should be straightforward with standard anti-malware tools, although restarting your PC via additional security steps is expected to be mandatory for disabling TeslaCrypt first.

Gaming assaults aside, TeslaCrypt also is the advent of PayPal-related support for the file encryption 'marketplace.' As one of the few Trojans to support Paypal 'My Cash' cards, TeslaCrypt may mark the onset of future ransomware encroachment into regions less likely to support Ukash and other, previously favored transaction methods.

Technical Details