TeslaCrypt Ransomware Cybercriminals Update and Increase Attacks to Exploit Small Businesses
In the recent weeks, the TeslaCrypt Ransomware threat has been on the move with additional infection attempts. The surge in attacks by TeslaCrypt Ransomware has been traced to one cybercriminal group, which is attempting to ramp up efforts to refuel their business by collecting fees from small businesses so they may decrypt and restore infected computers.
Confirmed by Symantec and researchers from Cisco, the spread TeslaCrypt Ransomware has undergone a major change to utilize infectious spam email message attachments to distribute the threat. The subject lines of the spam messages usually begin with "ID" followed up with random numbers and a request for invoices to be paid.
We know very well how TeslaCrypt Ransomware operates and that a multitude of small businesses are now paying up the fee that the threat asks to decrypt files instead of removing the malware. In knowing this, a cybercriminal group is ramping up their efforts to spread TeslaCrypt like never before. The infection attempts monitored by Symantec for TeslaCrypt have gone up from 200 a day to 1,800, which is an indication of its usage at a much high level by an unknown cybercriminal group. TeslaCrypt was even traced to be a major culprit in attacks on desktop game files over other file types.
The new trend that has been set forth for spreading TeslaCrypt is proving to be good for business on the side of the cybercriminals who are waging this new ransomware war. The TeslaCrypt spam email attachments are now more enticing than ever. They including the words "doc, info, invoice" and others that some unsuspecting computer users may believe is a legitimate message. The malicious emails contain heavily obfuscated JavaScript code that is known to evade detection by common antivirus applications.
Symantec researchers posted a blog post in the recent days providing caution to users and further explaining, "Users should also regularly back up any files stored on their computers. If a computer is compromised with ransomware, then these files can be restored once the malware is removed from the computer." The researchers also added that, "Given that this group using TeslaCrypt has been highly active in recent weeks, businesses and consumers should be on their guard, keep their security software regularly updated, and exercise caution when opening emails from unfamiliar sources."
With each successful attack by TeslaCrypt Ransomware, files are encrypted with strong algorithms adding the extension ".VVV" to the files while an HTML ransom notification instructs the victims to pay their fee. For those that wish to obtain a decryption key, they are redirected to access Tor-hosted sites for payment.
The new scheme set forth by cybercriminals in using TeslaCrypt to essentially make a living for themselves has been quite lucrative considering small business faced with the malware infection are willingly paying the ransom fee to decrypt files and restore their computer to normal operation. It's not that difficult to quickly add up the potential revenue considering how each instance of TeslaCrypt's fee exceeds $500. The lessons learned from CryptoWall, one of the original encryption-type ransomware threats, where those that spread the infection raked in over $1 million between March and August of 2014. TeslaCrypt cybercriminals could eventually make CryptoWall's group look like impoverished peasants when they start bringing in tens of millions of dollars.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.