On 3 December 2015, the Reporting and Analysis Center for Information Assurance (MELANI) provided information on the current TeslaCrypt encryption virus, which encrypts data and then demands a ransom.
Various reports about the TeslaCrypt malware submitted to the Reporting and Analysis Center for Information Assurance (MELANI) point to an increasing spread of this new variant of extortionate malware (ransomware). Following the campaigns of Cryptolocker, Synolocker, Cryptowall, etc., which have been active for some time, the new variant seems to spread almost exclusively via infected e-mail attachments (an attachment of the type “.zip” containing a file of the type “.js”). Once installed, TeslaCrypt encrypts the files that are on the computer (for example, photos, Excel or Word files). The victim is then presented with a message in which the criminals demand money. In return, the victim is supposed to receive the key with which the files can be restored (blackmail).
Various antivirus products can find and destroy the malware. However, by then it is usually too late, because the files present on the computer have already been encrypted. Therefore, in this case, the problem is not the removal of the malware, but the recovery of the original data. At the moment, there seems to be no method to decrypt the data without the key, which is only known to the extortionists. Nevertheless, MELANI advises against responding to the extortionists’ demands and making a payment. There is no guarantee that the criminals will actually keep their word and send the victim the key needed to decrypt the files. At the same time, a payment finances the attackers’ further development, which enables the next, even more effective attack.
Always be wary of suspicious emails, emails that you receive unexpectedly, or emails that come from an unknown sender. Do not follow any instructions in the text, do not open any attachments and do not follow any links.
In case of infection, contact our Service Line +41 44 552 13 13 immediately or send us a support request.