Threat Spotlight: TeslaCrypt – Decrypt It Yourself
This post was authored by: Andrea Allievi, Earl Carter & Emmanuel Tacheau
After the takedown of Cryptolocker, we have seen the rise of
Cryptowall. Cryptowall 2 introduced “features” such as advanced
anti-debugging techniques, only to have many of those features removed
in Cryptowall 3. Ransomware is becoming an extremely lucrative business,
leading to many variants and campaigns targeting even localized regions
in their own specific languages. Although it is possible that these
multiple variants are sponsored by the same threat actor, the most
likely conclusion is that multiple threat actors are jumping in to claim
a portion of an ever increasing ransomware market. One of the latest
variants is called TeslaCrypt and appears to be a derivative of the
original Cryptolocker ransomware. Although it claims to be using
asymmetric RSA-2048 to encrypt files, it is making use of symmetric AES
instead. Talos was able to develop a tool which decrypts the files
encrypted by the TeslaCrypt ransomware...
No comments:
Post a Comment