Gamers have been put on high alert following news that TeslaCrypt ransomware attacks are on the increase. The file-encrypting malware was first identified in March of this year, but this month the number of attempted attacks has skyrocketed.
TeslaCrypt ransomware does not specifically attack computer game players, but it is gamers that are most likely to have to pay the ransom if their computers are infected. TeslaCrypt ransomware is likely to encrypt game files, maps, saved games, mods, and even game software, leaving gamers with little choice but to pay the ransom or lose everything.
About a month after the discovery of TeslaCrypt ransomware, security researchers had developed a tool that could be used to decrypt files. However, during the past few months, the authors of the malware have been busy tweaking TeslaCrypt. The decryption tool that was developed in April is no longer guaranteed to work.
Businesses now being targeted with TeslaCrypt Ransomware
Not only has TeslaCrypt ransomware evolved, it has also been sold on the black market to cybercriminals. The authors appear to have been offering their malware as ransomware-as-a-service, and while they have had relatively few takers, that has now changed.
Known infections have remained relatively low throughout the course of the year, but December has seen a major increase. The number of attempted attacks in November remained fairly constant at approximately 200 per day. By mid-December that figure increased to around 1,800 per day.
The ransomware is also no longer just being used to target gamers. In fact, better rewards can be gained from attacking businesses, and this has not been lost on the cybercriminals behind the latest wave of TeslaCrypt ransomware attacks.
The ransomware is known to encrypt 185 types of files, and while many of those are specific to gaming software, the file-encrypting malware is particularly damaging for businesses. If infected, files can be decrypted, but only if the ransom is paid or the malware is removed. On infected computers, files will be encrypted and their extensions changed to .vvv.
Users will have files saved to their desktops directing them to websites where they will be required to pay a ransom to decrypt their files. Any business that has failed to perform a backup of its data may have little alternative but to pay the ransom.
Due to the increase in reported attacks in December, all businesses are advised to exercise extreme caution. Backups should be performed daily, and end users should be told to be particularly vigilant. The attack vector being used for the latest wave of attacks is mostly spam email. Accounts department executives are being targeted and fooled into opening file attachments that have been masked to appear to be invoices and receipts in PDF or DOC formats. The subject lines typically refer to an order, invoice, or bank transfer.
The criminals behind TeslaCrypt ransomware have developed advanced JavaScript obfuscation code, which helps to get their malware past anti-virus software.
The best way to prevent an attack is to ensure that spam emails are not delivered to end users and to make sure that end users know never to open an email attachment sent from an unknown user.
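To illustrate the kind of filtering this implies, here is an added example (not code from this article or from any product) of a mail-gateway check for the lure described above: a subject about an order, invoice or bank transfer, with an attachment that only pretends to be a PDF or DOC file. The script-extension list, the three verdicts and the sample messages are assumptions constructed for the example.

```python
import email
from email import policy
from email.message import EmailMessage

SUBJECT_TERMS = ("order", "invoice", "bank transfer")  # themes named in the article
# Leading bytes of genuine files: PDF header, and the OLE2 container used by .doc
MAGIC = {".pdf": b"%PDF-", ".doc": bytes.fromhex("d0cf11e0a1b11ae1")}
# Assumption: extensions this illustrative policy treats as executable content
SCRIPT_EXTS = (".js", ".jse", ".wsf", ".vbs", ".exe", ".scr")


def triage(raw: bytes) -> tuple[str, list[str]]:
    """Return (verdict, reasons); verdict is 'quarantine', 'review' or 'deliver'."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    lure = any(t in (msg["Subject"] or "").lower() for t in SUBJECT_TERMS)
    reasons, attachments = [], 0
    for part in msg.iter_attachments():
        attachments += 1
        name = (part.get_filename() or "").strip().lower()
        data = part.get_payload(decode=True) or b""
        if name.endswith(SCRIPT_EXTS):  # also catches invoice.pdf.js
            reasons.append(f"{name}: script or executable attachment")
            continue
        for ext, magic in MAGIC.items():
            if name.endswith(ext) and not data.startswith(magic):
                reasons.append(f"{name}: content is not a real {ext} file")
    if reasons:
        return "quarantine", reasons
    if lure and attachments:
        return "review", ["payment-themed subject with an attachment"]
    return "deliver", []


def build_sample(subject: str, filename: str = "", data: bytes = b"") -> bytes:
    """Constructed test message, not a captured sample."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", subject
    msg.set_content("Please see attached.")
    if filename:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    for s in (build_sample("Invoice 8841", "invoice_8841.pdf.js", b"var a=1;"),
              build_sample("Bank transfer", "receipt.pdf", b"MZ\x90\x00"),
              build_sample("Lunch on Friday")):
        print(triage(s))
```

A genuine PDF under an invoice-themed subject lands in "review" rather than "quarantine", since the subject alone is too common in legitimate accounts mail to block on.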