TeslaCrypt 2.0 comes with stronger encryption and a CryptoWall disguise

TeslaCrypt 2.0 comes with stronger encryption and a CryptoWall disguise

TeslaCrypt, primarily known for encrypting gaming files, has beefed up its techniques and most recently, greatly improved its encryption in its newest 2.0 version.

Kasperky Lab wrote in a blog post that TeslaCrypt 2.0 not only makes it impossible to decrypt files, but also uses an HTML page copied directly from a separate ransomware: CryptoWall. And to take it a step further, TeslaCrypt no longer uses its own name; it instead opts to disguise itself as CryptoWall.

More specifically, once infected, a victim is taken to an HTML payment page directly copied from CryptoWall. It only differs in that the URLs lead to TeslaCrypt's Tor-based servers.

Fedor Sinitsyn, senior malware analyst at Kaspersky, said in emailed comments to SCMagazine.com that he couldn't provide an answer as to why the gaming ransomware might be using this disguise, but he speculated it's “aimed to scare the victim and to puzzle experts trying to help the victim.”

While TeslaCrypt might not be as notorious or recognizable as CryptoWall, the ransomware's new encryption scheme could put it higher up on IT professionals' threat radar. Previous versions saved data in a file that could be used to recover the decryption key, Sinitsyn said. This critical data isn't saved in the system. Backups are more imperative than ever, and Sinitsyn emphasized that they are the best defense against ransomware attacks.

“System administrators should be in charge of corporate backup and be leading the process on the corporate level,” he said. “Also, they should educate their uses on how to protect themselves from ransomware.”

TeslaCrypt mainly spreads through exploit kits, including Angler, Sweet Orange and Nuclear, and a large portion of its infections have been in the U.S.

“Ransomware as a threat is growing, criminals develop new and sophisticated pieces of malware, and in many cases decryption of the attacked files is impossible,” Sinitsyn said. “If your data is valuable, please take your time to make reliable backup copies.”


It is difficult for the FBI to crack most smartphone encryption

The FBI is struggling to decode private messages on phones and other mobile devices that could contain key criminal evidence, and the agency failed to access data more than half of the times it tried during the last fiscal year, FBI Director Christopher Wray told House lawmakers. Wray will testify at the House Judiciary Committee ...

Texas Church Shooting: More Calls for Encryption Backdoors

US Deputy Attorney General, Rod Rosenstein, has decided to use the recent mass shooting at a Texas church to reiterate calls for encryption backdoors to help law enforcers. The incident took place at the First Baptist Church in Sutherland Springs, killing at least 26 people. Deceased suspect Devin Kelley’s mobile phone is now in the ...

FBI couldn't retrieve data from nearly 7000 mobile phones due to encryption

The head of the FBI has reignited the debate about technology companies continuing to protect customer privacy despite law enforcement having a search warrant. The FBI says it hasn't been able to retrieve data from nearly 7000 mobile phones in less than one year, as the US agency turns up the heat on the ongoing ...

Wi-Fi's Most Popular Encryption May Have Been Cracked

Your home Wi-Fi might not be as secure as you think. WPA2 -- the de facto standard for Wi-Fi password security worldwide -- may have been compromised, with huge ramifications for almost all of the Wi-Fi networks in our homes and businesses as well as for the networking companies that build them. Details are still ...