Extension name .abc (TeslaCrypt) variant?


  • This topic is locked
1 reply to this topic

#1 krezy


Posted 08 September 2015 - 02:33 PM

We got infected with TeslaCrypt. From the recent message Grinler sent us, it changes all the file extensions to .abc... Is this a different variant or something like this?

 

http://www.bleepingcomputer.com/forums/t/585444/new-teslacrypt-variant-that-appends-aaa-to-encrypted-files/

 

 

We uploaded the files to where we were instructed on here, but yesterday we plugged in one of our drives and thought it was completely encrypted. But going through the files, it had actually only attached itself to files inside folders and .mkv files. Is this relevant? And what should we do?





#2 quietman7


Posted 09 September 2015 - 11:28 AM

Any files that are encrypted with the newer unnamed variant of TeslaCrypt will have the .exx, .xyz, .zzz, .aaa or .abc extension appended to the end of the filename. The .aaa/.abc variant drops files with names like Recovery_File_*****.html, Recovery_File_*****.txt, restore_files_*****.html, restore_files_*****.txt (where ***** are random characters) and pretends to be CryptoWall 3.0.

A repository of all current knowledge regarding TeslaCrypt, Alpha Crypt and newer variants is provided by Grinler (aka Lawrence Abrams), in this topic: TeslaCrypt and Alpha Crypt Ransomware Information Guide and FAQ

Information about and support for decrypting files affected by Alpha Crypt & TeslaCrypt ransomware can be found in this topic:
TeslaDecoder released to decrypt .EXX, .EZZ, .ECC files encrypted by TeslaCrypt

There is an ongoing discussion in this topic: New TeslaCrypt version that uses the .EXX extension Support & Discussion.

Rather than have everyone start individual topics, it would be best (and more manageable for staff) if you posted any questions, comments or requests for assistance in that topic discussion. Doing that will also ensure you receive proper assistance from our crypto malware experts since they may not see this thread. To avoid unnecessary confusion...this topic is closed.

Thanks
The BC Staff
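An added triage example (not part of the original thread and not BleepingComputer's or the posters' code): a read-only Python scan that uses the extensions and ransom-note names listed in the reply above to inventory affected files on a drive and tally which original file types were hit. The function names, the constructed sample tree and the pattern used for the "random characters" are assumptions of this example.

```python
import os
import re
import tempfile
from collections import Counter

# Indicators taken from the reply above.
ENCRYPTED_EXTS = {".exx", ".xyz", ".zzz", ".aaa", ".abc"}
# "*****" is described only as random characters; matching any run of
# letters, digits or underscores is an assumption of this example.
NOTE_RE = re.compile(r"^(recovery_file|restore_files)_\w+\.(html|txt)$", re.I)


def triage(root):
    """Walk root; return (encrypted paths, note paths, Counter of original types)."""
    encrypted, notes, original_types = [], [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if NOTE_RE.match(name):
                notes.append(path)
                continue
            stem, ext = os.path.splitext(name)
            if ext.lower() in ENCRYPTED_EXTS:
                encrypted.append(path)
                # The extension is appended, so the original type is what
                # precedes it: "film.mkv.abc" -> ".mkv".
                orig = os.path.splitext(stem)[1].lower() or "(none)"
                original_types[orig] += 1
    return sorted(encrypted), sorted(notes), original_types


def build_sample_tree(root):
    """Constructed sample data: empty files laid out like an affected drive."""
    for rel in ["clip.mkv.abc", "untouched.mkv", "docs/report.docx.abc",
                "docs/Recovery_File_qwert.txt", "docs/restore_files_qwert.html",
                "docs/notes.txt"]:
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        open(full, "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        enc, notes, types = triage(tmp)
        print(len(enc), "encrypted,", len(notes), "ransom notes", dict(types))
```

Files tallied under `(none)` have no inner extension and may simply be ordinary files that already used one of these extensions, so review them by hand before treating them as encrypted.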



