A new version of TeslaCrypt has been released that utilizes the same .ccc extension for encrypted files but now uses a different ransom note name.  According to TeslaDecoder developer BloodDolly, this variant was released on October 13th, 2015 and is version 2.2.0 of the TeslaCrypt family. Unfortunately, unless you capture the encryption key at the time of the infection there is no way of decrypting your files without paying the ransom. This variant also continues to use vssadmin.exe to clear the victim's Shadow Volume Copies.

Just like previous versions, this version will continue to create ransom notes in each folder that a file has been encrypted. The new ransom note names that are being used are _how_recover_<3 letter id>.HTML and _how_recover_<3 letter id>.TXT. For example,  _how_recover_jal,html, as shown below.

TeslaCrypt Ransom Note
TeslaCrypt Ransom Note - Click to Enlarge

If any new information about this version is discovered, we will be sure to post about it.

Related Articles:

The Week in Ransomware - November 9th 2018 - Mostly Dharma Variants

SEO Poisoning Campaign Targeting U.S. Midterm Election Keywords

The Week in Ransomware - November 2nd 2018 - RaaS, DiskCryptor, & More

New Ransomware using DiskCryptor With Custom Ransom Message

CommonRansom Ransomware Demands RDP Access to Decrypt Files