
TeslaWare Ransomware

Posted: May 31, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 68
First Seen: May 31, 2017
OS(es) Affected: Windows


The TeslaWare Ransomware is a Trojan (unrelated to the TeslaCrypt family) that uses encryption to lock your files before displaying a ransom-themed pop-up. Con artists don't always help their victims unlock their media, even after being paid, and malware experts recommend using free decryption solutions or backups instead. When possible, use anti-malware programs to delete the TeslaWare Ransomware before it compromises your PC.

The Trojans Made When Their Programmer is More of a Marketer

Besides Trojans that threat actors design and distribute independently, file-encrypting threats are also managed under what's known as the Ransomware-as-a-Service or RaaS business model. With the latter in particular, malware experts are noting a recurring emphasis on brand power and marketing to lure other con artists into paying to use this black market software. However, like any advertisement, these claims are sometimes more bluster than fact, as in the case of the TeslaWare Ransomware.

In spite of the name, the TeslaWare Ransomware is not a part of the semi-numerous TeslaCrypt family, but, instead, takes its name from references to the historical figure Nikola Tesla. After paying the original author, various threat actors can distribute the TeslaWare Ransomware through any means they prefer for compromising the victims' PCs and collecting ransoms. Visible symptoms are, as usual, minimal until after the Trojan finishes its data-locking attack.

Some of what malware experts are judging as the TeslaWare Ransomware's core features, contrasted with its marketing claims, are presented below:

  • The TeslaWare Ransomware uses an AES-based encryption feature to lock various files on the computer. Instead of working from a whitelist of specific file types to lock, the TeslaWare Ransomware excludes a handful of formats (EXE, DLL, SYS, LNK and TESLA) from encryption and encodes all other media. Although the TeslaWare Ransomware's author claims that it's immune to traditional decryption solutions, malware experts are rating this claim as false.
  • Similarly to the Jigsaw Ransomware, the TeslaWare Ransomware also creates a pop-up with both its ransoming demands and multiple timers when it finishes the previous attack. The revolver-themed time limit triggers the deletion of ten randomly chosen files, while the other one will cause the TeslaWare Ransomware to erase all the contents of your C drive.
  • The TeslaWare Ransomware also is promoted as being FUD or 'fully undetectable' by security software, although this claim appears to be as inaccurate as the TeslaWare Ransomware's supposed defense against decryption.
  • Very unusually, the TeslaWare Ransomware also includes two (currently deactivated) networking features, one of which could duplicate the Trojan as a PIF file, to compromise other PCs over local networks.
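The format list and the PIF behavior above translate into a simple triage sweep for a suspect drive or share. The following Python sketch is an added example, not code from the Trojan or from any vendor tool; the function names are hypothetical, and treating the `.tesla` extension as a marker of already-locked files is an assumption inferred from its place in the exclusion list, not something the article states.

```python
import os
import tempfile
from collections import Counter

# Formats the article lists as skipped by the Trojan's encryption routine.
SKIPPED = {".exe", ".dll", ".sys", ".lnk", ".tesla"}

def classify(path):
    """Return 'pif-executable', 'tesla-marked', 'skipped' or 'exposed' for one file."""
    ext = os.path.splitext(path)[1].lower()
    if ext == ".pif":
        # A genuine PIF is a small DOS shortcut; one starting with the 'MZ'
        # magic is a Windows executable wearing a .pif extension.
        with open(path, "rb") as fh:
            if fh.read(2) == b"MZ":
                return "pif-executable"
    if ext == ".tesla":
        return "tesla-marked"  # assumption: marks files that are already locked
    return "skipped" if ext in SKIPPED else "exposed"

def sweep(root):
    """Walk root and return (Counter of classes, sorted list of paths needing review)."""
    counts, review = Counter(), []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                kind = classify(full)
            except OSError:
                kind = "unreadable"  # locked or permission-denied files still get counted
            counts[kind] += 1
            if kind in ("pif-executable", "tesla-marked", "unreadable"):
                review.append(full)
    return counts, sorted(review)

def demo():
    """Build a constructed sample tree (not real malware artifacts) and sweep it."""
    with tempfile.TemporaryDirectory() as root:
        samples = {"report.docx": b"PK", "notes.txt": b"hi", "app.exe": b"MZ\x90",
                   "photo.jpg.tesla": b"\x00" * 8, "old.pif": b"\x00DOS",
                   "share/setup.pif": b"MZ\x90\x00"}
        for rel, data in samples.items():
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(data)
        counts, review = sweep(root)
        return dict(counts), [os.path.relpath(p, root).replace(os.sep, "/") for p in review]
```

The `exposed` count is a rough measure of how much data on a volume depends on backups, while the review list points to files worth examining before a compromised PC is reconnected to the network.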

Taking the TeslaWare Ransomware's Finger Off the File-Deleting Trigger

The TeslaWare Ransomware is a Trojan of sharp contrasts: its author has provided a highly polished RaaS marketing campaign that is at odds with the features the Trojan is capable of delivering to its underground customers. However, even with more limitations than one would assume, the TeslaWare Ransomware is a credible risk to both your files and your network security. Compromised PCs should be isolated from other systems until disinfected, and malware experts suggest looking for assistance from professional anti-malware researchers if decryption is necessary.

Although they can be installed through any number of different methods, Trojans like the TeslaWare Ransomware frequently circulate with the help of spam e-mails or websites running corrupted scripts. You can block these scripts with appropriate browser settings and add-ons, in addition to being able to detect them as threats with any traditional anti-malware product. Because of its potential for backdoor-related attacks, malware experts encourage removing the TeslaWare Ransomware with dedicated anti-malware software that also could detect any other threats.

The TeslaWare Ransomware isn't the dawn of a new age of flawless, file-encrypting threats that it advertises itself as being. However, for users trying to dodge the bullet of getting their files deleted, that difference may seem like nitpicking, at best.
