A Peek Inside TeslaCrypt Ransomware

May 20, 2015

Criminals offer online help over Tor network

The security research firm FireEye has released a study into the activities of the criminal group behind the TeslaCrypt ransomware tool. Like other ransomware variants, TeslaCrypt encrypts the data on the victim's computer then posts a notice demanding that the victim pay money to get their data back. TeslaCrypt, which is distributed via the Angler exploit kit, demands a payment in the range of $150 to $1,000 – preferably in Bitcoins.

FireEye tracked the payment through Bitcoin reporting mechanisms. The TeslaCrypt gang encrypted 1,231 systems between February and April 2015 and extracted  payment from 163 victims for a total revenue of $76,522. More interesting than the financial data are the examples of correspondence between the criminals and the victims. TeslaCrypt appears to place a high value on “user-friendliness,” with an interactive customer support channel for users who have questions about how to pay the ransom. The correspondence reads almost like a Kafka-inspired parody of customer service – with the criminals helping victims through the steps of obtaining Bitcoins and letting them upload one file for decryption as a “free sample.”

A team at Cisco figured out how to break the TeslaCrypt encryption and released the solution on April 27.

Related content

comments powered by Disqus

Issue 272/2023

Buy this issue as a PDF

Digital Issue: Price $12.99
(incl. VAT)

Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters