Attacks using TeslaCrypt ransomware intensify

The number of daily TeslaCrypt attacks have increased nine times in two weeks

Over the past two weeks security researchers have seen a surge in attacks using a file-encrypting ransomware program called TeslaCrypt, known for targeting gamers in the past.

TeslaCrypt first appeared in March and stood out because over 50 of the 185 file types it targeted were associated with computer games and related software, including game saves, custom maps, profiles, replays and mods -- content that users might have a hard time replacing.

In April researchers from Cisco found a weakness in TeslaCrypt's encryption routine and created a tool that could decrypt files affected by some versions of the program.

Since then, the ransomware program's authors have continued to refine it and started selling it on the underground market to other cybercriminals. However, the number of attacks have stayed relatively low until late November when security researchers from Symantec observed a significant change.

Over the past two weeks the number of TeslaCrypt infection attempts detected by Symantec went up from around 200 a day to 1,800, suggesting that one cybercriminal group is ramping up its use of this malicious program.

The group's preferred method of infection is through spam emails with malicious attachments. The subject lines of these emails begin with "ID," followed by a random number and a request related to alleged invoices, successful orders or wire transfers.

Judging by these topics, the attackers are targeting businesses -- a new trend for ransomware attacks in general that's fueled by businesses being more willing to pay to recover important files.

The malicious TeslaCrypt email attachments may include the words "invoice," "doc," or "info," but they actually contain heavily obfuscated JavaScript code designed to evade antivirus detection and download the ransomware program.

If the attack is successful, the program will encrypt all files with a strong encryption algorithm and will add the .VVV extension to them. It will also drop text and HTML ransom notes that instruct victims how to access Tor-hosted sites in order to pay the ransom.

"Given that this group using TeslaCrypt has been highly active in recent weeks, businesses and consumers should be on their guard, keep their security software regularly updated, and exercise caution when opening emails from unfamiliar sources," the Symantec researchers said in a blog post. "Users should also regularly back up any files stored on their computers. If a computer is compromised with ransomware, then these files can be restored once the malware is removed from the computer."

Join the PC World newsletter!

Error: Please check your email address.

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service
Show Comments

Most Popular Reviews

Latest News Articles


GGG Evaluation Team

Kathy Cassidy


First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni


For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell


The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi


The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott


My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?