TeslaCrypt ransomware pushed by several exploit kits
TeslaCrypt is one of the newest additions to the ransomware category of malware, and is being pushed out to users left and right.
Aside from the usual assortment of file types that ransomware usually targets, TeslaCrypt also encrypts file types associated with video games and game related software, as well as iTunes-related files.
The main delivery method is exploit kits: initially Angler, but later also the Sweet Orange and Nuclear exploit kits.
The latter is being used in the latest campaign. Potential targets are being redirected to the site hosting the EK from compromised WordPress sites.
In one particular case observed by Brad Duncan, security researcher at Rackspace, the kit successfully exploited a Flash vulnerability affecting an out-of-date version of Flash player (22.214.171.124).
The delivered ransomware still uses a visual identity similar to that of Cryptolocker. When victims visit the site that instructs them on how to pay the ransom, the identity of the ransomware becomes obvious:
While the infection attempt is new, and it’s too early to tell how many users will ultimately pay the ransom, a check of said bitcoin address reveals that so far, no one has made a payment.
Ransomware has been a popular way for cyber crooks to make money for a while now.
Even though there are now ways to restore the files encrypted by some types of ransomware without paying ransom, the best protection you have against this type of malware is to back up regularly all the files you consider important.