The ransomware menace is becoming a sore spot of the Internet. Just last month, we released an extensive blog post about the alarming growth in ransomware attacks across the world. Around 12 families of ransomware have been detected in the wild as of now, and joining the gang is a new member called TeslaCrypt.
1. The first type is an Encryptor. This ransomware encrypts (converts information into a code) the infected computer’s data, including images, videos, documents, presentations, and spreadsheets. It demands a ransom to decrypt the files.
2. The second type is a Screen Locker. As the name suggests, this program freezes or locks up the victim’s computer, and makes it nonfunctional, until a ransom is paid.
What is TeslaCrypt?
TeslaCrypt is a new ransomware in town. It works in a similar way to other encrypting ransomware. Once inside the system, it starts looking for data including images, docs, spreadsheets, PowerPoint presentations, etc. However, unlike the others, it also seeks out saved game files (replays, maps, configurations, etc.) on the infected computer. Having found the files, the malware converts them into an encrypted form that is accessible only to a user who has the private key. And to get this key, the victim has to pay a ransom of 1.5 Bitcoins (about $373.92).
What Games are being targeted by TeslaCrypt?
Presently, the following games are known to have been targeted by this ransomware:
• Call of Duty
• RPG Maker
• World of Warcraft
• League of Legends
• DayZ
• Dragon Age
• Minecraft
• StarCraft
• Fallout and Diablo
• World of Tanks
• Bethesda Softworks File
• F.E.A.R. 2
• Steam NCF Valve Pack
• EA Sports
• Unreal 3
• Unity Scene
• Assassin’s Creed
• Skyrim animation
• Bioshock 2
• DayZ profile file
• RPG Maker VX RGSS
• Unreal Engine 3 Game File
• S.T.A.L.K.E.R.
• Dragon Age Origins
How Can TeslaCrypt Infect your Computer?
TeslaCrypt mostly spreads via spam emails, where it may be hidden in the form of a downloadable attachment. Such emails also contain links to malicious websites; visiting these sites may automatically download the ransomware onto the user’s machine.
Files Infected by TeslaCrypt
Files with the following extensions are encrypted by TeslaCrypt:
.sql, .mp4, .7z, .rar, .m4a, .wma, .avi, .wmv, .csv, .d3dbsp, .zip, .sie, .sum, .ibank, .t13, .t12, .qdf, .gdb, .tax, .pkpass, .bc6, .bc7, .bkp, .qic, .bkf, .sidn, .sidd, .mddata, .itl, .itdb, .icxs, .hvpl, .hplg, .hkdb, .mdbackup, .syncdb, .gho, .cas, .svg, .map, .wmo, .itm, .sb, .fos, .mov, .vdf, .ztmp, .sis, .sid, .ncf, .menu, .layout, .dmp, .blob, .esm, .vcf, .vtf, .dazip, .fpk, .mlx, .kf, .iwd, .vpk, .tor, .psk, .rim, .w3x, .fsh, .ntl, .arch00, .lvl, .snx, .cfr, .ff, .vpp_pc, .lrf, .m2, .mcmeta, .vfs0, .mpqge, .kdb, .db0, .dba, .rofl, .hkx, .bar, .upk, .das, .iwi, .litemod, .asset, .forge, .ltx, .bsa, .apk, .re4, .sav, .lbf, .slm, .bik, .epk, .rgss3a, .pak, .big, .allet, .wotreplay, .xxx, .desc, .py, .m3u, .flv, .js, .css, .rb, .png, .jpeg, .txt, .p7c, .p7b, .p12, .pfx, .pem, .crt, .cer, .der, .x3f, .srw, .pef, .ptx, .r3d, .rw2, .rwl, .raw, .raf, .orf, .nrw, .mrwref, .mef, .erf, .kdc, .dcr, .cr2, .crw, .bay, .sr2, .srf, .arw, .3fr, .dng, .jpe, .jpg, .cdr, .indd, .ai, .eps, .pdf, .pdd, .psd, .dbf, .mdf, .wb2, .rtf, .wpd, .dxg, .xf, .dwg, .pst, .accdb, .mdb, .pptm, .pptx, .ppt, .xlk, .xlsb, .xlsm, .xlsx, .xls, .wps, .docm, .docx, .doc, .odb, .odc, .odm, .odp, .ods, .odt,
Steps to Stay Away from Ransomware
1. Never download attachments or click on links in emails received from unwanted or unexpected sources, even if the source looks familiar.
2. Don’t respond to pop-up notifications or alerts while visiting unfamiliar websites.
3. Apply all recommended security updates to your OS, software, and Internet browsers, if not already.
4. Have security software installed on your PC that efficiently blocks spam and malicious emails, and automatically restricts access to malicious websites.
THE MOST IMPORTANT STEP TO TAKE!
Regular data backup is the only way you can recover from a ransomware attack. Once TeslaCrypt encrypts your files, there is no way that you can decode them without buying the private key. And paying crooks is something that neither we nor law enforcement recommend.
So, take regular backups of all the important files you have on your computer. We recommend that you run the backup procedure offline and not while you are connected to the Internet. This is because ransomware also targets files on external storage drives. And once you are done, disconnect the backup drive.
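An added example (not from Quick Heal or the original post): a Python script that checks whether each file carrying one of the extensions listed above has an identical copy on the backup drive. The extension set is a subset of the post's list, and the function names and sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile

# Subset of the extensions listed in this post; extend it with the full list.
TARGETED = {".docx", ".xlsx", ".pdf", ".jpg", ".pst", ".pem", ".sql",
            ".sav", ".wotreplay"}

def sha256_of(path):
    """Hash a file in chunks so large game archives do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def audit_backup(source_root, backup_root, targeted=TARGETED):
    """Classify every targeted-extension file under source_root by backup state."""
    report = {"missing": [], "stale": [], "ok": []}
    for dirpath, _dirs, files in os.walk(source_root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in targeted:
                continue  # extension is not on the list, skip it
            src = os.path.join(dirpath, name)
            rel = os.path.relpath(src, source_root)
            dst = os.path.join(backup_root, rel)
            if not os.path.isfile(dst):
                report["missing"].append(rel)   # no copy on the backup drive
            elif sha256_of(src) != sha256_of(dst):
                report["stale"].append(rel)     # copy exists but content differs
            else:
                report["ok"].append(rel)
    return {state: sorted(paths) for state, paths in report.items()}

def demo():
    """Run the audit over a small constructed tree (sample files, not real data)."""
    with tempfile.TemporaryDirectory() as src, tempfile.TemporaryDirectory() as bak:
        samples = {"report.docx": b"v2", "save1.sav": b"game", "keys.pem": b"key",
                   "debug.log": b"not on the list"}
        for name, data in samples.items():
            with open(os.path.join(src, name), "wb") as fh:
                fh.write(data)
        for name, data in {"report.docx": b"v1", "save1.sav": b"game"}.items():
            with open(os.path.join(bak, name), "wb") as fh:
                fh.write(data)
        return audit_backup(src, bak)

if __name__ == "__main__":
    for state, paths in demo().items():
        print(f"{state}: {paths}")
```

Run it while the backup drive is attached and disconnect the drive afterwards, as advised above. Files reported as "missing" or "stale" are the ones the current backup would not restore as they are now.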
What to do if your Computer is Infected with TeslaCrypt?
1. Disconnect your system from the Internet.
2. Disconnect any external storage devices connected to your computer.
3. Run a virus scan on your computer.
4. Get help from a local computer expert to ensure that the infection is gone. Thereafter, you can restore your files from your backup. Running a System Restore may also help.
How can Quick Heal help?
Quick Heal helps prevent ransomware infections with its real-time Email Security that blocks spam, infected and malicious emails. Its Web Security feature automatically blocks infected and malicious websites. Also, Quick Heal detects TeslaCrypt as Ransom.Tescrypt.A4 and proactively blocks the infection.
44 Comments
Thanks Rajib for the important info. God bless.
Can Quick Heal version 16.00 (9.0.0.17) detect TeslaCrypt?
Hi Naren,
Yes, Quick Heal detects and blocks this ransomware.
Regards,
Thanks Rajib for informing about new virus
Thanks for the News.
Great work rajib
Thanx a ton, that’s why I subscribed to Quick Heal since its inception. Gr8 job.
Thanks. This was an excellent and timely Alert from Quick Heal.
Vijay.
Thanks for the information.
I already have Quick Heal installed. Do I still need to be scared about TeslaCrypt?
Hi Rhea,
Quick Heal detects TeslaCrypt on the machine so you do not have to worry about this threat.
Regards.
Thanks for the useful information.
Thanks Rajib god bless
Hello Rajib,
I have 2 computers.
One has “Quick Heal Total Security 2012” version 13.00(6.0.0.4), license valid till 27 Jan 2017.
The other one has “quickheal internet security” version 16.00(9.0.0.14), license valid till 07 May 2016.
Can they prevent “TeslaCrypt” from infecting the computers?
With regards,
Debdarpan Khan
Hi Debdarpan,
Quick Heal detects the TeslaCrypt ransomware so you do not need to worry about this infecting your machines.
Regards.
Thanks rajib you guys are awesome
i have deleted this malware to detected to my computer
THANKS FOR INFORM FOR NEW virus
THANKS FOR INFORM NEW virus
Quick Heal’s Behaviour Detection System also pro-actively detects malicious activity for the TeslaCrypt…
nice
Thank you Rajib for the valuable information
We are Quick Heal users and our end date is near, so please send me the three-user Quick Heal discount rate and payment process.
bharat namdeo
jabalpur MP india
09425466762
Hi Bharat,
In order to renew your Quick Heal product, you will need to do so via the renew option once you open your Quick Heal product dashboard. If you need help to do this, please contact our support team on 0-927-22-33-000.
Regards.
Thank you for this important information about this new virus.
I JUST WANT TO ASK ONE THING…. does quick heal internet security or quick heal total security code work in google play’s quick heal paid….. cause which i mentioned is easily available in market for buying….. oh antivirus code is also available…so will that work too….
Hi Saumik,
No the product key for Total Security or Internet Security does not work on the mobile product over Google Play. The product key for that needs to be purchased separately.
Regards.
When I had problems using my laptop to access my web site, I purchased Quick Heal; then I got a complete solution and I am satisfied now.
Thanks for information
Thanks for the info! Sounds very scary though!
Hey Rajib!! I have a lot of games on my PC, or you can say I’m a gamer. So, can you tell me what TeslaCrypt does? How does it ask for ransom and how does it affect one’s computer? Does it infect one’s PC by Internet or virus?
Regards,
Ayush
Hi Ayush,
As mentioned in the post, TeslaCrypt spreads via spam emails. Once it gains entry into the targeted system, it starts looking for saved game files. Thereafter, the virus begins encrypting these files. It then displays a message, as shown in the post, wherein, it asks for a payment in Bitcoins.
Regards,
My Quick Heal is not updated.
Hi Bappa,
We recommend that you contact our support center in order to resolve this issue. You can reach them in the following ways:
1. Call them on 0-927-22-33-000.
2. Submit a ticket by visiting this link – https://www.quickheal.co.in/submitticket
Regards.
Hacking tools and patch files are regarded as viruses by Quick Heal. What can I do? Thank you.
Hi Putta,
Kindly share some more information about these tools and files that you are referring to. This will allow us to help you better.
Regards.
Hi, what are hacking tools and patch files? I have installed Tablet Security but am not satisfied; this software doesn’t have a couple of features compared to Total Security, and I am worried. Mr Rajib Sir, is my Quick Heal Tablet Security software powerful enough, and will it save my device from TeslaCrypt or ransomware, adware or malware in the future? Please discuss in the next discussion on these topics what the ways are, and how many options any kind of virus has, for entering our Android devices without the user’s knowledge. One more question for you, Rajib Sir: gamers are also a target, but how secure are games for Android on the Google Play store? Does Google scan all the new developers’ new games before recommending the games to Google users in the games option on the Google Play store? After reading all these things I even stopped downloading games from the Google Play store, when I have already installed Quick Heal Tablet Security. Rajib Sir, I like playing games from the Google Play store, but if some games contain some kind of virus, will my Quick Heal Tablet Security detect it immediately, within seconds, and secure my device from any infections? I have had some of the worst experiences with viruses when I installed a few games from the Google Play store; at that time I was using Avast free antivirus on a small tablet, which is unfortunately now an unusable, corrupted-OS Android device.
Hi Girish,
As mentioned in the post, presently TeslaCrypt is only known to target the Windows platform (PCs) and not Android. Yes, Quick Heal Tablet Security protects your device from all types of malware designed to target Android users.
Regards,
its btr thn other al…
Does Quick Heal v15.00 detect this ransomware TeslaCrypt?
Hi Krishnasish,
Yes, Quick Heal does detect and block TeslaCrypt.
Regards,
THANKS FOR INFORMATION & WISHING BEST.
Hi Rajib Sir, in case I have finished my internet limit and don’t have internet for a few hours, but I had already installed a few apps from the Google Play store, and during that time I run a full scan of my device using my Quick Heal Tablet Security software to detect any virus in my installed applications, will my Quick Heal Tablet Security detect any virus in those installed apps from Google Play? I have no idea how this software works without an internet connection. Is it really necessary that there be an internet connection for scanning the device, or can my Tablet Security be effective enough to detect any virus in installed apps, including games from Google Play, without an internet connection for a couple of hours? And will my software repair or uninstall apps quickly without an internet connection if some virus is detected? Thank you.
Hi Girish,
Internet connection is necessary to receive security updates. But while you are installing any app, Quick Heal monitors it in real-time. If the app is malicious, Quick Heal will block it or warn you about the same. So, if this has not been the case, it means your installed apps are fine.
Regards,