A Peek Inside TeslaCrypt Ransomware

May 20, 2015

Criminals offer online help over Tor network

The security research firm FireEye has released a study into the activities of the criminal group behind the TeslaCrypt ransomware tool. Like other ransomware variants, TeslaCrypt encrypts the data on the victim's computer then posts a notice demanding that the victim pay money to get their data back. TeslaCrypt, which is distributed via the Angler exploit kit, demands a payment in the range of $150 to $1,000 – preferably in Bitcoins.

FireEye tracked the payment through Bitcoin reporting mechanisms. The TeslaCrypt gang encrypted 1,231 systems between February and April 2015 and extracted  payment from 163 victims for a total revenue of $76,522. More interesting than the financial data are the examples of correspondence between the criminals and the victims. TeslaCrypt appears to place a high value on “user-friendliness,” with an interactive customer support channel for users who have questions about how to pay the ransom. The correspondence reads almost like a Kafka-inspired parody of customer service – with the criminals helping victims through the steps of obtaining Bitcoins and letting them upload one file for decryption as a “free sample.”

A team at Cisco figured out how to break the TeslaCrypt encryption and released the solution on April 27.

Related content

comments powered by Disqus

Issue 31: Linux Shell Handbook 9th Ed./Special Editions

Buy this issue as a PDF

Digital Issue: Price $15.99
(incl. VAT)


njobs Europe
Njobs Netherlands Njobs Deutschland Njobs United Kingdom Njobs Italia Njobs France Njobs Espana Njobs Poland
Njobs Austria Njobs Denmark Njobs Belgium Njobs Czech Republic Njobs Mexico Njobs India Njobs Colombia