Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

New TeslaCrypt Ransomware sets its scope on video gamers


  • Please log in to reply
263 replies to this topic

#256 Jenniferkhan

Jenniferkhan

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:12:45 AM

Posted 11 February 2016 - 08:31 AM

Teslacrypt virus attacks the computers which has specific games installed. the virus attacks the private data of the user and then ask for ransom in return.
Here in this link you can find the process of removal of Teslacrypt virus.<removed>

Mod Edit by quietman7: link to non-Bleeping Computer malware removal guide removed or disabled per this policy.

BC AdBot (Login to Remove)

 


m

#257 temerarious

temerarious

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:45 PM

Posted 09 April 2016 - 02:59 PM

We got hit 4/7 by what appears to be a variant of TeslaCrypt.  It completely encrypted the offending workstation, went after a large mapped share on a Windows server and found a insecure Samba share that was not mapped or used at all by that workstation so I assume it scanned the subnet for insecure shares and found a weakness.  In any case, The damage was caught fairly quickly and we DO have current backups so the damaged files were quickly restored and the offending workstation has nothing of value on it so I'll just wipe it and reinstall.

No real harm done because of the backups but it sure woke me up and is causing some sleepless nights worrying have I REALLY eradicated it from my network.  Amusing the offending workstation is completely wiped, is there anything else I should be watching out for, looking for worn like or other behavior that would have attempted to actually compromise or run on a server or other workstation rather than just encrypting a share over the network.

I've secured the insecure Samba share and set the Group Software Restriction Policies recommended in the Information Guide and FAQ here, as well as making sure everything that should be updated is updated.

FWIW I uploaded the exe file here.

https://virustotal.com/en/file/3570a4ca9a3ebd1b45df61a0ef5b476e26f35ba03dbd114e8192fa6b81b0cd71/analysis/1460209365/

The encrypted files had no change in file names or added extension
Each folder had three files with the ransom demand.
-!RecOveR!-wqxwn++.Png
-!RecOveR!-wqxwn++.Txt
-!RecOveR!-wqxwn++.Htm

Backups work!!!    My main concern is being sure I am REALLY rid of it on the network.



#258 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,104 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:45 PM

Posted 09 April 2016 - 05:34 PM

TeslaCrypt 4.0 will leave files (ransom notes) with names like RECOVER+[random].TXT, RECOVER[5-random].TXT, recover_file.txt, _rEcOvEr_[5-random].txt, +-HELP-RECOVER-+[5-random]-+.txt, +REcovER+[5-random].txt, -!RecOveR!-[5-random]++.txt, {RecOveR}-[5-random]__.txt.

Crypto malware ransomware is typically programmed to automatically remove itself...the malicious files responsible for the infection...after the encrypting is done since they are no longer needed. Unfortunately, most victims do not realize they have been infected until the ransomware displays the ransom note and the files have already been encrypted. As such, they don't know how long the malware was on the system before being alerted or if other malware was installed along with the ransomware. If other malware was involved it could still be present so be sure to perform full scans with your anti-virus.

If your antivirus did not detect and remove anything, additional scans should be performed with other security programs like Malwarebytes Anti-Malware and Emsisoft Anti-Malware. You can also supplement your anti-virus or get a second opinion by performing an Online Virus Scan...ESET is one of the more effective online scanners.

Support for TeslaCrypt 3.0/4.0 is provided in this topic where you can ask questions and seek further assistance.
.
.
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Microsoft MVP Reconnect 2016
Windows Insider MVP 2017
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#259 Grinler

Grinler

    Lawrence Abrams

  • Topic Starter

  • Admin
  • 43,300 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:02:45 PM

Posted 18 May 2016 - 03:14 PM

TeslaCrypt has closed its doors and released the master decrypt key. BloodDolly has already updated his tool so it can now decrypt all files encrypted by TeslaCrypt 3.0 and 4.x. More info here:

http://www.bleepingcomputer.com/news/security/teslacrypt-shuts-down-and-releases-master-decryption-key/

#260 OzEdri

OzEdri

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:45 PM

Posted 19 May 2016 - 01:39 AM

TeslaCrypt has closed its doors and released the master decrypt key. BloodDolly has already updated his tool so it can now decrypt all files encrypted by TeslaCrypt 3.0 and 4.x. More info here:

http://www.bleepingcomputer.com/news/security/teslacrypt-shuts-down-and-releases-master-decryption-key/

Thank you very much for this update!

Please also update the first post of this topic.



#261 Candia

Candia

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:45 PM

Posted 19 May 2016 - 04:05 AM

Un grand merci à toute l'équipe!!!

Je vais essayer de récuperer mes fichiers avec TeslaDecoder  :bananas:  :bananas:



#262 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,104 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:45 PM

Posted 19 May 2016 - 05:04 AM

...Please also update the first post of this topic.

A note has been added.
.
.
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Microsoft MVP Reconnect 2016
Windows Insider MVP 2017
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#263 ranChanc

ranChanc

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:07:45 PM

Posted 24 May 2016 - 12:50 AM

TeslaCrypt has closed its doors and released the master decrypt key. BloodDolly has already updated his tool so it can now decrypt all files encrypted by TeslaCrypt 3.0 and 4.x. More info here:

http://www.bleepingcomputer.com/news/security/teslacrypt-shuts-down-and-releases-master-decryption-key/

 

I have tired the tesladecoder but it was reported that the encrypt key is a different one...seems something wrong happens with my case?



#264 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,104 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:45 PM

Posted 24 May 2016 - 05:34 PM

Decryption instructions for all victims of TeslaCrypt 3.0/4.x are provided by BloodDolly here.

If you still need assistance, support for TeslaCrypt 3.0/4.0 is provided in this topic.
.
.
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Microsoft MVP Reconnect 2016
Windows Insider MVP 2017
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users