Lots of ransomware news this week with 3 new infections, 7 new Jigsaw ransomware variants, 3 new decryptors, a new variant of Nemucod, and an interesting article about the Crysis ransomware. I would like to thank everyone who monitors and analyzes new ransomware infections on Twitter and through other sources.
We had 3 new ransomware infections called BadBlock, Zcrypt, and ODCOC, updates for Zyklon and CryptXXX, and one TeslaCrypt news item this week, but for the most part there was nothing that interesting released.
Today, Mikko Hypponen discovered that the TeslaCrypt ransomware developers have changed the message on their last functioning TOR site. According to Mikko, as of a few hours ago a new message appeared on the TOR TeslaCrypt site that now recommends BloodDolly's TeslaDecoder application to decrypt your files.
The ransomware keeps on coming! Since the last article we have had 6 new ransomware infections released, and to weigh it out, 6 decryptors. Included in the new ransomware is one that is targeting Drupal web sites. By far, the biggest news, though, was the closing of TeslaCrypt and their release of the master decryption key.
In a surprise ending to the TeslaCrypt ransomware, the malware developers have released the master decryption key for their victims. This means that all victims of the TeslaCrypt ransomware can now decrypt their files for free!
Version 4.2 of TeslaCrypt has been released with quite a few modifications. The most notable change is that ransom notes have been heavily modified to only contain the necessary information to connect to the Command & Control servers.
A quick post that version 4.1b of the TeslaCrypt Ransomware has been released. I am unsure when this was released, but a victim submitted a sample today of this new variant. It is currently unknown what has changed internally to the program, but there have been additional payment gateways added.
Hospitals have been having a tough time with ransomware lately. Starting last month, when Hollywood Presbyterian Medical Center paid close to 17k for a ransomware decryption key, more news has been released about other hospitals being affected by ransomware.
TeslaCrypt 4.0 has been released with some minor modifications. These modifications include fixing a bug that corrupted files with sizes greater than 4GB, new ransom note names, and no longer appending an extension for encrypted files.
A new variant of the TeslaCrypt ransomware was released that contains some minor changes. The version number is still 3.0, but the ransom notes have been renamed and the file extension for encrypted files is now .MP3. Unfortunately, there is still no way to decrypt this latest version of TeslaCrypt.
Now that TeslaCrypt 3.0 has been released and the malware developer has fixed a flaw in his program, we are releasing information on how to decrypt files encrypted by earlier variants. This article explains how volunteers cracked TeslaCrypt's encryption key storage algorithm to help people recover their files for free.
The TeslaCrypt developers release version 3.0 of their ransomware infection, which includes a modified encryption algorithm and the .XXX extension for encrypted files.
The latest release of TeslaCrypt still refers to itself as version 2.2.0, but there are still some minor changes compared to the last release. These changes include minor differences in the ransom note and a different file header for the encrypted files.
A new version of TeslaCrypt was released on Tuesday that contains some minor changes such as new ransom note names, a new name for the autorun entry, and a slight change to how it removes the Shadow Volume Copies.
A new version of the TeslaCrypt ransomware has been released that changes the ransom note filenames and uses the new .vvv extension for encrypted files. Unfortunately, at this time there is still no way of decrypting files encrypted by this version of TeslaCrypt.
A new variant of TeslaCrypt has been released that utilizes the same .CCC extension for encrypted files, but now uses the _how_recover_
A new version of TeslaCrypt has been released that is now using the ccc extension when encrypting files. This version utilizes the same payment site as previous variants and requires a 2 bitcoin, or approximately $500 USD, ransom in order to decrypt your files.
Microsoft recently announced that they have updated their Malicious Software Removal Tool to detect and remediate the TeslaCrypt ransomware infection due to the increased distribution and activity detected in August. This announcement just means that Microsoft has added further detection for this ransomware and will remove it via MSRT.