Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

TeslaCrypt Authors Close Shop, Release Master Decryption Key

The operations of TeslaCrypt, one of the largest ransomware threats over the past months, appear to have shut down, with its authors already releasing a master decryption key, researchers at ESET report.

The operations of TeslaCrypt, one of the largest ransomware threats over the past months, appear to have shut down, with its authors already releasing a master decryption key, researchers at ESET report.

The ransomware emerged roughly a year ago and has seen numerous updates ever since, with its latest analyzed version being 4.0. Earlier this year, a flaw in TeslaCrypt and TeslaCrypt 2.0 variants allowed researchers to create a free decryption tool, but version 3.0 of the malware patched the issue.

The malware was distributed via different channels, including exploit kits, and in December 2015 exploited a newly patched Flash Player heap buffer overflow vulnerability (CVE-2015-8446) to drop TeslaCrypt onto targeted systems.

Angler continued to deliver TeslaCrypt as its malicious payload for several months, as seen in a campaign exploiting a patched Silverlight vulnerability, as well as in an attack against the EC Council website. Courtesy of numerous distribution campaigns in the past months, TeslaCrypt was the third biggest player on the ransomware scene at the beginning of March.

Although TeslaCrypt has had a constant, active presence on the threat landscape over the past year, its authors might have closed shop, and the move appears final, security company ESET claims. The researchers not only discovered that the ransomware’s operators already announced that they are closing the project, but they also convinced these actors to provide them with the master decryption key.

In an unexpected move, the TeslaCrypt operators made the key public on the ransomware’s payment site, and researchers already used the key to create a free decryption tool that should help all of the malware’s victims to restore their files. Other decryption utilities were also updated using the released key and can be used to decrypt files affected by versions 1.0 to 4.0 of the ransomware.

The news of TelsaCrypt operators shutting down their business comes just one week after researchers at Check Point published an extensive analysis (PDF) of TeslaCrypt V3.0.1. This ransomware variant came with support for offline encryption and was able to maintain a low profile by executing on low priority applications and closing suspicious ones to avoid detection.

TeslaCrypt 3.0 and later versions were deemed nearly impossible to decrypt, and Check Point’s new report reiterates that. The paper also provides a thorough analysis of the ransomware’s infection and execution chains.

Advertisement. Scroll to continue reading.

Other ransomware families have attracted the attention of security researchers over the past several months, and numerous decryption tools were released for free. Examples include Kaspersky’s tool for decrypting files affected by the CryptXXX ransomware, and a decryptor for Petya. Last year, a flaw in Linux.Encoder1 allowed Bitdefender to create a decryption tool to restore victims’ files for free.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders.

Register

People on the Move

Satellite cybersecurity company SpiderOak has named Kip Gering as its new Chief Revenue Officer.

Merlin Ventures has appointed cybersecurity executive Andrew Smeaton as the firm’s CISO-in-Residence.

Retired U.S. Army General and former NSA Director Paul M. Nakasone has joined the Board of Directors at OpenAI.

More People On The Move

Expert Insights