{"id":400,"date":"2015-07-16T04:11:35","date_gmt":"2015-07-16T04:11:35","guid":{"rendered":"http:\/\/www.dogoodsoft.com\/blog\/?p=400"},"modified":"2024-12-23T07:51:57","modified_gmt":"2024-12-23T07:51:57","slug":"teslacrypt-2-0-comes-with-stronger-encryption-and-a-cryptowall-disguise","status":"publish","type":"post","link":"https:\/\/www.dogoodsoft.com\/blog\/teslacrypt-2-0-comes-with-stronger-encryption-and-a-cryptowall-disguise-400\/","title":{"rendered":"TeslaCrypt 2.0 comes with stronger encryption and a CryptoWall disguise"},"content":{"rendered":"<p><a href=\"https:\/\/www.dogoodsoft.com\/blog\/wp-content\/uploads\/2015\/07\/Snap7.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-401 size-full\" src=\"https:\/\/www.dogoodsoft.com\/blog\/wp-content\/uploads\/2015\/07\/Snap7.jpg\" alt=\"TeslaCrypt 2.0 comes with stronger encryption and a CryptoWall disguise\" width=\"347\" height=\"323\" srcset=\"https:\/\/www.dogoodsoft.com\/blog\/wp-content\/uploads\/2015\/07\/Snap7.jpg 347w, https:\/\/www.dogoodsoft.com\/blog\/wp-content\/uploads\/2015\/07\/Snap7-300x279.jpg 300w, https:\/\/www.dogoodsoft.com\/blog\/wp-content\/uploads\/2015\/07\/Snap7-1x1.jpg 1w\" sizes=\"auto, (max-width: 347px) 100vw, 347px\" \/><\/a><\/p>\n<p>TeslaCrypt, primarily known for encrypting gaming files, has beefed up its techniques and, most recently, greatly improved its encryption in its newest 2.0 version.<\/p>\n<p>Kaspersky Lab wrote in a blog post that TeslaCrypt 2.0 not only makes it impossible to decrypt files, but also uses an HTML page copied directly from a separate ransomware: CryptoWall. And to take it a step further, TeslaCrypt no longer uses its own name; it instead opts to disguise itself as CryptoWall.<\/p>\n<p>More specifically, once infected, a victim is taken to an HTML payment page directly copied from CryptoWall. 
It only differs in that the URLs lead to TeslaCrypt&#8217;s Tor-based servers.<\/p>\n<p>Fedor Sinitsyn, senior malware analyst at Kaspersky, said in emailed comments to SCMagazine.com that he couldn&#8217;t provide an answer as to why the gaming ransomware might be using this disguise, but he speculated it&#8217;s \u201caimed to scare the victim and to puzzle experts trying to help the victim.\u201d<\/p>\n<p>While TeslaCrypt might not be as notorious or recognizable as CryptoWall, the ransomware&#8217;s new encryption scheme could put it higher up on IT professionals&#8217; threat radar. Previous versions saved data in a file that could be used to recover the decryption key, Sinitsyn said. In the new version, this critical data isn&#8217;t saved in the system. Backups are more imperative than ever, and Sinitsyn emphasized that they are the best defense against ransomware attacks.<\/p>\n<p>\u201cSystem administrators should be in charge of corporate backup and be leading the process on the corporate level,\u201d he said. \u201cAlso, they should educate their users on how to protect themselves from ransomware.\u201d<\/p>\n<p>TeslaCrypt mainly spreads through exploit kits, including Angler, Sweet Orange and Nuclear, and a large portion of its infections have been in the U.S.<\/p>\n<p>\u201cRansomware as a threat is growing, criminals develop new and sophisticated pieces of malware, and in many cases decryption of the attacked files is impossible,\u201d Sinitsyn said. \u201cIf your data is valuable, please take your time to make reliable backup copies.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"<p>TeslaCrypt, primarily known for encrypting gaming files, has beefed up its techniques and, most recently, greatly improved its encryption in its newest 2.0 version. Kaspersky Lab wrote in a blog post that TeslaCrypt 2.0 not only makes it impossible to decrypt files, but also uses an HTML page copied directly from a separate ransomware: CryptoWall. 
&hellip; <a href=\"https:\/\/www.dogoodsoft.com\/blog\/teslacrypt-2-0-comes-with-stronger-encryption-and-a-cryptowall-disguise-400\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">TeslaCrypt 2.0 comes with stronger encryption and a CryptoWall disguise<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[154,52,153],"class_list":["post-400","post","type-post","status-publish","format-standard","hentry","category-news","tag-cryptowall-disguise","tag-encryption","tag-teslacrypt-2-0"],"_links":{"self":[{"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/posts\/400","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/comments?post=400"}],"version-history":[{"count":1,"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/posts\/400\/revisions"}],"predecessor-version":[{"id":402,"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/posts\/400\/revisions\/402"}],"wp:attachment":[{"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/media?parent=400"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/categories?post=400"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/tags?post=400"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}