Last year, Ransom32, a “ransomware as a service” offering, let malicious users build their own ransomware to extort money from victims. Several variants exist; the most recent, called TeslaCrypt (Trojan.Cryptolocker.N), emerged in late November 2015 and swept across the internet in massive volumes of spam, with the highest peak of detections in early December 2015.
TeslaCrypt infects the victim’s computer and uses strong encryption to encrypt a wide range of local files. Because TeslaCrypt’s authors have continually refined both the malware and its distribution, it is now considered one of the more dangerous e-threats.
The spam campaign uses email subjects such as:
- Required Your attention
- Would you be so kind as to tell me if the items listed in the invoice are correct?
- Please accept our congratulations on a successful purchase and best wishes.
- Would you be nice enough to provide us with a wire transfer confirmation.
If you see emails with such subjects, delete them immediately.
Which file extensions are targeted for encryption?
Listed here in alphabetical order:
.3fr, .7z, .accdb, .ai, .apk, .arch00, .arw, .asset, .avi, .bar, .bay, .bc6, .bc7, .big, .bik, .bkf, .bkp, .blob, .bsa, .cas, .cdr, .cer, .cfr, .cr2, .crt, .crw, .css, .csv, .d3dbsp, .das, .dazip, .db0, .dba, .dbf, .dcr, .der, .desc, .dmp, .dng, .doc, .docm, .docx, .dwg, .dxg, .epk, .eps, .erf, .esm, .ff, .flv, .forge, .fos, .fpk, .fsh, .gdb, .gho, .hkdb, .hkx, .hplg, .hvpl, .ibank, .icxs, .indd, .itdb, .itl, .itm, .iwd, .iwi, .jpe, .jpeg, .jpg, .js, .kdb, .kdc, .kf, .layout, .lbf, .litemod, .lrf, .ltx, .lvl, .m2, .m3u, .m4a, .map, .mcmeta, .mdb, .mdbackup, .mddata, .mdf, .mef, .menu, .mlx, .mov, .mp4, .mpqge, .mrwref, .ncf, .nrw, .ntl, .odb, .odc, .odm, .odp, .ods, .odt, .orf, .p12, .p7b, .p7c, .pak, .pdd, .pdf, .pef, .pem, .pfx, .pkpass, .png, .ppt, .pptm, .pptx, .psd, .psk, .pst, .ptx, .py, .qdf, .qic, .r3d, .raf, .rar, .raw, .rb, .re4, .rgss3a, .rim, .rofl, .rtf, .rw2, .rwl, .sav, .sb, .sid, .sidd, .sidn, .sie, .sis, .slm, .snx, .sql, .sr2, .srf, .srw, .sum, .svg, .syncdb, .t12, .t13, .tax, .tor, .txt, .upk, .vcf, .vdf, .vfs0, .vpk, .vpp_pc, .vtf, .w3x, .wb2, .wma, .wmo, .wmv, .wotreplay, .wpd, .wps, .x3f, .xf, .xlk, .xls, .xlsb, .xlsm, .xlsx, .xxx, .zip, .ztmp
If a malware infection of this type occurs, the entire environment will have to be restored from the last clean snapshot taken before the infection, and some data loss is possible. While the data is being restored, users may be unable to access their environment.
At this time, no vendor can guarantee 100% effectiveness against all malware. For more information, visit these resources:
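Because the list above is long, it is worth checking mechanically which files on a share TeslaCrypt would encrypt, so you can confirm the snapshot schedule actually covers them before an infection rather than after. The following is an added example, not code from the original post; it embeds only a constructed subset of the page's extension list (the full list can be passed in via `parse_extension_list`), and the directory tree it scans is constructed inline.

```python
import os
import tempfile
from collections import Counter

# Constructed subset of the extensions listed on the page; in real use,
# feed the complete list through parse_extension_list() instead.
TESLACRYPT_EXTENSIONS = {
    ".doc", ".docx", ".xls", ".xlsx", ".pdf", ".txt", ".jpg", ".png",
    ".zip", ".pst", ".sql", ".mdf", ".dbf", ".pem", ".pfx", ".p12", ".psd",
}

def parse_extension_list(text):
    """Turn the page's comma-separated list (a trailing comma is tolerated,
    as on the page) into a lower-cased set of extensions."""
    return {t.strip().lower() for t in text.split(",") if t.strip()}

def at_risk_files(root, extensions=TESLACRYPT_EXTENSIONS):
    """Walk `root` and return (paths, per-extension counts) of the files
    whose extension TeslaCrypt targets. Matching is case-insensitive, since
    Windows file systems are; the result tells you what a restore from the
    last clean snapshot would have to bring back."""
    hits, counts = [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            ext = os.path.splitext(name)[1].lower()
            if ext in extensions:
                hits.append(os.path.join(dirpath, name))
                counts[ext] += 1
    return hits, counts

def demo():
    """Build a constructed directory tree and report what would be at risk."""
    with tempfile.TemporaryDirectory() as root:
        for rel in ["q1/budget.xlsx", "q1/notes.txt", "keys/server.pem",
                    "photos/IMG_01.JPG", "bin/tool.exe"]:
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
        hits, counts = at_risk_files(root)
        # tool.exe is not on the list; the upper-case .JPG still matches.
        return sorted(os.path.relpath(h, root) for h in hits), dict(counts)

if __name__ == "__main__":
    paths, summary = demo()
    print("at-risk files:", paths)
    print("by extension:", summary)
```

Point `at_risk_files` at a file share and compare the result against what the backup job actually captures.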
- https://en.wikipedia.org/wiki/TeslaCrypt
- https://isc.sans.edu/forums/diary/TeslaCrypt+ransomware+sent+using+malicious+spam/20507/