HackDig : Dig high-quality web security articles for hacker

North European companies targeted with TeslaCrypt

2015-12-15 00:10
The criminals wielding TeslaCrypt ransomware have (unsurprisingly) made the transition from targeting individual users to targeting companies.

After all, companies are more likely to pay up as their encrypted files are often the files they need to continue their business, and regular backing up of important files, which would help in such cases, is still not the norm.

According to Heimdal Security researchers, the latest widespread spam campaign delivering the ransomware is currently mostly affecting companies in Northern Europe - Germany, UK, France, Italy, and Spain - but also the US.

First spotted earlier this year, TeslaCrypt was initially meant to target gamers. It looks a bit like CryptoLocker, but less than ten percent of the code of both threats is the same.

Some variants of its first version had a flaw that allowed security researchers to come up with a decryption tool for it. Victims of TeslaCrypt 2.0 aren't so lucky.

TeslaCrypt has been previously delivered to victims with the help of exploit kits. For this campaign, the crooks opted for spoofed emails delivering a malicious .zip file.



The .zip file contains a JavaScript file, which downloads TeslaCrypt from a number of compromised web pages. TeslaCrypt then searches for and encrypts a wide variety of office, image, audio, video, backup, database, archive, and other types of files on the target computer, but also on computers connected to the same network.

The initial AV detection for this particular variant was extremely low (3/55 according to VirusTotal), but has risen considerably in the couple of days after it was first spotted.
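
A mail-gateway style check for the delivery method described above, as an added example that is not from the original article: it opens each attachment as a ZIP and reports any script files inside, a test that does not depend on AV signatures. The extension list, function names and sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Script extensions run by Windows Script Host on double-click (assumed blocklist).
SCRIPT_EXTS = (".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh")


def script_members(zip_bytes):
    """Return names of script files inside a ZIP archive; [] if it is not a ZIP."""
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            return [n for n in zf.namelist() if n.lower().endswith(SCRIPT_EXTS)]
    except zipfile.BadZipFile:
        return []


def flag_message(raw_email):
    """Map each ZIP attachment that holds scripts to the script names found."""
    msg = message_from_bytes(raw_email, policy=policy.default)
    hits = {}
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        # Inspect the content rather than trusting the declared name or MIME type.
        found = script_members(payload)
        if found:
            hits[part.get_filename() or "<unnamed>"] = found
    return hits


def build_sample():
    """Constructed sample: a mail with one ZIP holding a harmless .js, plus a PDF."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice_scan.JS", "// constructed placeholder, no payload\n")
        zf.writestr("readme.txt", "constructed sample\n")
    msg = EmailMessage()
    msg["From"], msg["To"] = "billing@example.com", "user@example.org"
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename="invoice.zip")
    msg.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                       subtype="pdf", filename="notes.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    print(flag_message(build_sample()))
```

The check does not look inside nested archives, so a gateway policy built on it would need to handle ZIP-within-ZIP separately.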





Source: feedproxy.google.com/~r/HelpNetSecurity/~3/qZnWnQIerFc/malware_news.php
