TeslaCrypt and Alpha Crypt Ransomware Information Guide and FAQ
TeslaCrypt and Alpha Crypt are
file-encrypting ransomware programs that target all version of Windows
including Windows XP, Windows Vista, Windows 7, and Windows 8.
TeslaCrypt was first released around the end of February 2015 and Alpha
Crypt was released at the end of April 2015. When you are first infected
with TeslaCrypt or Alpha Crypt they will scan your computer for data
files and encrypt them using AES encryption so they are no longer able
to be opened. Once the infection has encrypted the data files on all of
your computer drive letters it will display an application that contains
instructions on how to get your files back. These instructions include a
link to a Decryption Service site,
which will inform you of the current ransom amount, the amount of files
encrypted, and instructions on how to make your payment. The ransom
cost starts at around $500 USD and is payable via bitcoins. The bitcoin
address that you submit payment to will be different for every victim.
When TeslaCrypt or Alpha Crypt are first installed on your computer they will create a random named executable in the %AppData% folder. This executable will be launched and begin to scan all the drive letters on your computer for data files to encrypt. If a a supported data file is detected it will encrypt it and then append a new extension to the filename based on the particular variant you are infected with. For TeslaCrypt, the extension .ECC will be appended and for Alpha Crypt the extension .EZZ will be appended to filenames.
What is TeslaCrypt and AlphaCrypt?
TeslaCrypt and Alpha Crypt are
file-encrypting ransomware programs that target all version of Windows
including Windows XP, Windows Vista, Windows 7, and Windows 8.
TeslaCrypt was first released around the end of February 2015 and Alpha
Crypt was released at the end of April 2015. When you are first infected
with TeslaCrypt or Alpha Crypt they will scan your computer for data
files and encrypt them using AES encryption so they are no longer able
to be opened. Once the infection has encrypted the data files on all of
your computer drive letters it will display an application that contains
instructions on how to get your files back. These instructions include a
link to a Decryption Service site,
which will inform you of the current ransom amount, the amount of files
encrypted, and instructions on how to make your payment. The ransom
cost starts at around $500 USD and is payable via bitcoins. The bitcoin
address that you submit payment to will be different for every victim.When TeslaCrypt or Alpha Crypt are first installed on your computer they will create a random named executable in the %AppData% folder. This executable will be launched and begin to scan all the drive letters on your computer for data files to encrypt. If a a supported data file is detected it will encrypt it and then append a new extension to the filename based on the particular variant you are infected with. For TeslaCrypt, the extension .ECC will be appended and for Alpha Crypt the extension .EZZ will be appended to filenames.
