New Ransomware Alert! TeslaCrypt is After Your Game Files


Ransomware is becoming a persistent blight on the Internet. Just last month, we released an extensive blog post about the alarming growth in ransomware attacks across the world. Around 12 families of ransomware have been detected in the wild as of now, and the newest member of the gang is TeslaCrypt.


What is Ransomware?
Ransomware is a sophisticated malicious program that takes control of (hijacks) the infected computer or its data, and demands money (a ransom) from its victim. Ransomware is broadly classified into two types:

1. The first type is an Encryptor. This ransomware encrypts (converts information into a code) the infected computer’s data, including images, videos, documents, presentations, and spreadsheets. It demands a ransom to decrypt the files.

2. The second type is a Screen Locker. As the name suggests, this program freezes or locks up the victim’s computer, and makes it nonfunctional, until a ransom is paid.

What is TeslaCrypt?
TeslaCrypt is a new ransomware family. It works in a similar way to other encrypting ransomware. Once inside the system, it starts looking for data including images, docs, spreadsheets, PowerPoint presentations, etc. However, unlike the others, it also seeks out saved game files (replays, maps, configurations, etc.) on the infected computer. Having found the files, the malware converts them into an encrypted form that is accessible only to someone who holds the private key. To get this key, the victim has to pay a ransom of 1.5 Bitcoins (about $373.92).


Who are the Primary Targets?
1. Users of MS Windows
2. PC Gamers

What Games are being targeted by TeslaCrypt?
Presently, the following games are known to have been targeted by this ransomware:

• Call of Duty
• RPG Maker
• World of Warcraft
• League of Legends
• DayZ
• Dragon Age
• Minecraft
• StarCraft
• Fallout and Diablo
• World of Tanks
• Bethesda Softworks File
• F.E.A.R. 2
• Steam NCF Valve Pack
• EA Sports
• Unreal 3
• Unity Scene
• Assassin’s Creed
• Skyrim animation
• Bioshock 2
• DayZ profile file
• RPG Maker VX RGSS
• Unreal Engine 3 Game File
• S.T.A.L.K.E.R.
• Dragon Age Origins

How Can TeslaCrypt Infect your Computer?
TeslaCrypt mostly spreads via spam emails, where it may be hidden in a downloadable attachment. Such emails also contain links to malicious websites; visiting them may download the ransomware automatically onto the user’s machine.

Files Infected by TeslaCrypt

Files with the following extensions are encrypted by TeslaCrypt:

.sql, .mp4, .7z, .rar, .m4a, .wma, .avi, .wmv, .csv, .d3dbsp, .zip, .sie, .sum, .ibank, .t13, .t12, .qdf, .gdb, .tax, .pkpass, .bc6, .bc7, .bkp, .qic, .bkf, .sidn, .sidd, .mddata, .itl, .itdb, .icxs, .hvpl, .hplg, .hkdb, .mdbackup, .syncdb, .gho, .cas, .svg, .map, .wmo, .itm, .sb, .fos, .mov, .vdf, .ztmp, .sis, .sid, .ncf, .menu, .layout, .dmp, .blob, .esm, .vcf, .vtf, .dazip, .fpk, .mlx, .kf, .iwd, .vpk, .tor, .psk, .rim, .w3x, .fsh, .ntl, .arch00, .lvl, .snx, .cfr, .ff, .vpp_pc, .lrf, .m2, .mcmeta, .vfs0, .mpqge, .kdb, .db0, .dba, .rofl, .hkx, .bar, .upk, .das, .iwi, .litemod, .asset, .forge, .ltx, .bsa, .apk, .re4, .sav, .lbf, .slm, .bik, .epk, .rgss3a, .pak, .big, .allet, .wotreplay, .xxx, .desc, .py, .m3u, .flv, .js, .css, .rb, .png, .jpeg, .txt, .p7c, .p7b, .p12, .pfx, .pem, .crt, .cer, .der, .x3f, .srw, .pef, .ptx, .r3d, .rw2, .rwl, .raw, .raf, .orf, .nrw, .mrwref, .mef, .erf, .kdc, .dcr, .cr2, .crw, .bay, .sr2, .srf, .arw, .3fr, .dng, .jpe, .jpg, .cdr, .indd, .ai, .eps, .pdf, .pdd, .psd, .dbf, .mdf, .wb2, .rtf, .wpd, .dxg, .xf, .dwg, .pst, .accdb, .mdb, .pptm, .pptx, .ppt, .xlk, .xlsb, .xlsm, .xlsx, .xls, .wps, .docm, .docx, .doc, .odb, .odc, .odm, .odp, .ods, .odt,

Steps to Stay Away from Ransomware
1. Never download attachments or click on links in emails received from unwanted or unexpected sources, even if the source looks familiar.
2. Don’t respond to pop-up notifications or alerts while visiting unfamiliar websites.
3. Apply all recommended security updates to your OS, software, and Internet browsers, if not already.
4. Install security software on your PC that efficiently blocks spam and malicious emails, and automatically restricts access to malicious websites.

THE MOST IMPORTANT STEP TO TAKE!
Regular data backup is the only way you can recover from a ransomware attack. Once TeslaCrypt encrypts your files, there is no way that you can decode them without buying the private key. And paying crooks is something neither we nor law enforcement recommend.

So, take regular backups of all the important files you have on your computer. We recommend that you run the backup procedure offline and not while you are connected to the Internet. This is because ransomware also targets files on external storage drives. Once you are done, disconnect the backup drive.
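To check that a backup actually covers the file types TeslaCrypt goes after, the sketch below walks a folder, picks out files whose extension is on the list above, and reports any that are missing from the backup or differ from the backed-up copy. It is an added example, not Quick Heal code; the function names and the shortened extension set are assumptions made for illustration.

```python
import hashlib
import os
from pathlib import Path

# Subset of the extensions listed on this page (documents, images, game data).
# Extend it with the rest of the page's list as needed.
TARGETED_EXTENSIONS = {
    ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".pdf", ".jpg", ".png",
    ".sav", ".wotreplay", ".rofl", ".mcmeta", ".w3x", ".vpk", ".bsa", ".upk",
}


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large game archives do not fill memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def at_risk_files(root: Path, extensions=TARGETED_EXTENSIONS):
    """Yield paths (relative to root) whose extension is on the targeted list."""
    for folder, _dirs, names in os.walk(root):
        for name in names:
            path = Path(folder) / name
            if path.suffix.lower() in extensions:
                yield path.relative_to(root)


def backup_gaps(source: Path, backup: Path, extensions=TARGETED_EXTENSIONS):
    """Return {relative_path: reason} for at-risk files the backup does not cover."""
    gaps = {}
    for rel in at_risk_files(source, extensions):
        copy = backup / rel
        if not copy.is_file():
            gaps[rel.as_posix()] = "missing from backup"
        elif sha256_of(copy) != sha256_of(source / rel):
            gaps[rel.as_posix()] = "backup copy differs from current file"
    return gaps


if __name__ == "__main__":
    import sys
    # Usage: python backup_gaps.py <folder to protect> <mounted backup folder>
    for rel, reason in sorted(backup_gaps(Path(sys.argv[1]), Path(sys.argv[2])).items()):
        print(f"{rel}: {reason}")
```

Run it while the backup drive is attached, then disconnect the drive as described above. A "differs" result on a machine you suspect is infected means the live file changed after the backup was taken, so do not refresh the backup from it.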

What to do if your Computer is Infected with TeslaCrypt?
1. Disconnect your system from the Internet.
2. Disconnect any external storage devices connected to your computer.
3. Run a virus scan on your computer.
4. Get help from a local computer expert to ensure that the infection is gone. Thereafter, you can restore your files from your backup. Running a System Restore may also help.

How can Quick Heal help?
Quick Heal helps prevent ransomware infections with its real-time Email Security that blocks spam, infected and malicious emails. Its Web Security feature automatically blocks infected and malicious websites. Also, Quick Heal detects TeslaCrypt as Ransom.Tescrypt.A4 and proactively blocks the infection.


Rajiv Singha

44 Comments
Ashish Rane
5 years ago

Thanks Rajib for the important info. God bless.

naren
5 years ago

Can Quick Heal version 16.00 (9.0.0.17) detect TeslaCrypt?

Harsh
5 years ago

Thanks Rajib for informing about new virus

SUNDARAM BALA
5 years ago

Thanks for the News.

Harsh
5 years ago

Great work rajib

Arun
5 years ago

Thanks a ton, that’s why I subscribed to Quick Heal since its inception. Great job.

VIJAY BABANRAO WAGH
5 years ago

Thanks. This was an excellent and timely Alert from Quick Heal.

Vijay.

rahmatullah
5 years ago

Thanks for information

RHEA
5 years ago

I already have Quick Heal installed. Do I still need to be scared about TeslaCrypt?

Rahul Thadani
5 years ago
Reply to  RHEA

Hi Rhea,

Quick Heal detects TeslaCrypt on the machine so you do not have to worry about this threat.

Regards.

gaurang
5 years ago

Thanks for the useful information.

Vimal Krishnan
5 years ago

Thanks Rajib god bless

Debdarpan khan
5 years ago

Hello Rajib,
I have 2 computers.
One has “Quick Heal Total Security 2012” version 13.00(6.0.0.4), license valid till 27 Jan 2017.
The other one has “quickheal internet security” version 16.00(9.0.0.14), license valid till 07 May 2016.
Can they prevent “TeslaCrypt” from infecting the computers?
With regards,
Debdarpan Khan

Rahul Thadani
5 years ago
Reply to  Debdarpan khan

Hi Debdarpan,

Quick Heal detects the TeslaCrypt ransomware so you do not need to worry about this infecting your machines.

Regards.

larry
5 years ago

Thanks rajib you guys are awesome

rahul maske
5 years ago

i have deleted this malware to detected to my computer

ABHIMANYU KUMAR
5 years ago

THANKS FOR INFORM FOR NEW virus

RUBI KUMARI
5 years ago

THANKS FOR INFORM NEW virus

prashil moon
5 years ago

Quick Heal’s Behaviour Detection System also pro-actively detects malicious activity for the TeslaCrypt…

Sk Abdulla
5 years ago

nice

Mukesh Prasad
5 years ago

Thank you Rajib for the valuable information

bharat namdeo
5 years ago

We are Quick Heal users and our end date is near, so please send me the three-user Quick Heal discount rate and payment process.

bharat namdeo
jabalpur MP india
09425466762

Rahul Thadani
5 years ago
Reply to  bharat namdeo

Hi Bharat,

In order to renew your Quick Heal product, you will need to do so via the renew option once you open your Quick Heal product dashboard. If you need help to do this, please contact our support team on 0-927-22-33-000.

Regards.

Suhel
5 years ago

Thank you for this important information about this new virus.

Saumik Roy
5 years ago

I JUST WANT TO ASK ONE THING… does the Quick Heal Internet Security or Quick Heal Total Security code work in Google Play’s Quick Heal paid… because what I mentioned is easily available in the market for buying… oh, the antivirus code is also available… so will that work too…

Rahul Thadani
5 years ago
Reply to  Saumik Roy

Hi Saumik,

No the product key for Total Security or Internet Security does not work on the mobile product over Google Play. The product key for that needs to be purchased separately.

Regards.

chander verma
5 years ago

When I had problems using my laptop to access my web site, I purchased Quick Heal; then I got a complete solution and I am satisfied now.

shashikant Dhikale
5 years ago

Thanks for information

Udayan
5 years ago

Thanks for the info! Sounds very scary though!

Ayush
5 years ago

Hey Rajib!! I have a lot of games on my PC, or you can say I’m a gamer. So, can you tell me what TeslaCrypt does? How does it ask for ransom and how does it affect one’s computer? Does it infect one’s PC through the Internet or a virus?

Regards,
Ayush

bappa ghosh
5 years ago

My Quick Heal not updated.

Rahul Thadani
5 years ago
Reply to  bappa ghosh

Hi Bappa,

We recommend that you contact our support center in order to resolve this issue. You can reach them in the following ways:

1. Call them on 0-927-22-33-000.
2. Submit a ticket by visiting this link – https://www.quickheal.co.in/submitticket

Regards.

Putta
5 years ago

Hacking tools and patch files are regarded as viruses by Quick Heal. What can I do? Thank you.

Rahul Thadani
5 years ago
Reply to  Putta

Hi Putta,

Kindly share some more information about these tools and files that you are referring to. This will allow us to help you better.

Regards.

girish
5 years ago
Reply to  Putta

Hi, what are hacking tools and patch files? I have installed tablet security but am not satisfied; this software doesn’t have a couple of features compared to total security and I am worried. Mr Rajib Sir, will my Quick Heal tablet security software be powerful enough, and will it save my device from TeslaCrypt or ransomware, adware or malware in the future? And please discuss in the next discussion on these topics what the ways are and how many options any kind of virus has for entering our Android devices without the user’s knowledge, and one more question for you Rajib Sir…

sunil rathore
5 years ago

its btr thn other al…

Krishnasish Sarkar
5 years ago

Does Quick Heal v15.00 detect this ransomware TeslaCrypt?

Manas Ranjan Ghosh
5 years ago

THANKS FOR INFORMATION & WISHING BEST.

girish
5 years ago

Hi Rajib Sir, in case I have finished my internet limit and I don’t have internet for a few hours, but I had already installed a few apps from the Google Play store, and I full scan my device using my Quick Heal tablet security software to detect any virus in my installed applications, will my Quick Heal tablet security detect any virus in those installed apps from Google Play? I have no idea how this software works without an internet connection. Is it very necessary that there must be an internet connection for scanning the device, or can my tablet security be effective enough to…
