Ransomware isn't a new problem, but it is one that’s been constantly evolving to become more effective and damaging. It's gotten to the point where high profile attacks from new or updated ransomware variants such as PETYA, Mischa, Locky and 7ev3n to TrueCrypter routinely make the news. But in an interesting turn of events, the developers of the ransomware TeslaCrypt decided to hang it up, and release the master decrypt key for free.
A researcher in security firm ESET noticed the gradual slowdown of activity from the developers of TeslaCrypt while distributors were switching over to CryptXXX ransomware. The researcher then contacted the developers via their support channel in the dark web, and was given the master key to unlock all computers infected by the ransomware. The developers also confirmed that they are shutting down TeslaCrypt’s operations.
TeslaCrypt (detected by Trend Micro as RANSOM_CRYPTESLA) is a variant of ransomware that initially targeted a particular niche of users that included gamers, modders, and Steam users. It was distributed through spam emails and websites—mostly Wordpress sites—designed to redirect its visitors to a page hosting an Angler kit that exploits a recently patched vulnerability in Adobe Flash Player to deliver the malware.
Upon infection, the malware searches for 185 file extensions related to various single and multiplayer games such as Assassin’s Creed, Call of Duty, Diablo, League of Legends, Minecraft, Resident Evil and World of Warcraft, and locks the games’ save data, player profiles, DLCs and game mods stored in the victim’s computer.
The updated versions of the ransomware can also encrypt Word and PDF documents, photos, iTunes and other media files. It also affected software used to design and develop games such as RPG Maker, Unity3D, and Unreal Engine. Victims of the ransomware are instructed to fork over $500 in bitcoin within one week, after which the price increases to $1,000.
It has been reported that the ransomware has extorted $76,522 between February and April 2015 alone. Last December, the blog page of the news site The Independent was compromised and exposed its readers to risk by adding an advert on the blog that carried the ransomware.
Malware like TeslaCrypt is just one of many developed to target a niche audience. In this case, it was designed to go after those who are presumed to be more willing to pay in order to recover in-game purchases and gaming data they spent their time, effort, and money on.
Gaming is also a major industry boasting a thriving economy that includes developers that put in huge investments to create the next blockbuster game, and a growing market of players who are willing to spend serious money to buy them. Last year, a phishing campaign targeted the Steam account credentials of Counter-Strike: Global Offensive players through misspelled URLs of the game’s official website. In May of the same year Minecraft players on Android OS were served with scareware that signed victims up to a premium SMS service. Denial-of-service (DDoS) attacks to gaming and software companies were also reported to have increased by 180% from the third quarter of 2014 to 2015. There’s also the famous data breach of millions of Playstation Network users that cost Sony $171 million.
Regarding TeslaCrypt, its universal decryption key can be found on its now defunct Tor site. Decryption tools and software are also now available to decrypt the files locked by the ransomware.
Like it? Add this infographic to your site: 1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).