VIRUS DEFINITION

Virus Type: ransomware

What is TeslaCrypt?

When it was detected in February 2015, this new ransomware Trojan gained immediate notoriety as a menace to computer gamers. Amongst other types of target files, it tries to infect typical gaming files: game saves, user profiles, recorded replays, etc. That said, TeslaCrypt does not encrypt files that are larger than 268 MB. Recently, Kaspersky Lab has detected curious behaviour in a new threat from the TeslaCrypt ransomware encryptor family: version 2.0 of the Trojan displays an HTML page in the web browser that is an exact copy of the page used by CryptoWall 3.0, another notorious ransomware program. After a successful infection, the malicious program demands a $500 ransom for the decryption key; if the victim delays, the ransom doubles.

Who are the victims of its attacks?

The Trojan is notorious for infecting computer gamers. Most TeslaCrypt infections occur in the USA, Germany and Spain, followed by Italy, France and the United Kingdom.

Am I at risk?

You are potentially at risk if you play computer games.

How do I know if I’m infected?

TeslaCrypt will encrypt files and ask for a ransom ($500). Amongst other types of target files, it tries to infect typical gaming files: game saves, user profiles, recorded replays, etc.

Kaspersky Lab’s products detect this malicious program as Trojan-Ransom.Win32.Bitman.tk and successfully protect users against this threat. In addition, a Cryptomalware Countermeasure Subsystem is implemented in Kaspersky Lab’s solutions. It registers activity when suspicious applications attempt to open a user’s personal files and immediately makes local protected backup copies of them. If the application is then judged to be malicious, the subsystem automatically rolls back the unsolicited changes by replacing those files with the copies. In this way, users are protected even from as yet unknown cryptomalware.
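
The backup-then-rollback behaviour described above can be modelled in a few lines of Python. This is an added illustration, not Kaspersky Lab’s code: the class `RollbackGuard`, its methods, the process name and the sample file are all hypothetical, and the notifications a real product would receive from the operating system are made by hand here.

```python
import shutil
import tempfile
from pathlib import Path


class RollbackGuard:
    """Toy model: snapshot on first access, restore on a malicious verdict."""

    def __init__(self, vault: Path):
        self.vault = vault                      # stands in for protected storage
        self.snapshots = {}                     # process -> {original: backup}

    def on_open(self, process: str, path: Path) -> None:
        """Call before an untrusted process touches a user file."""
        taken = self.snapshots.setdefault(process, {})
        if path in taken or not path.is_file():
            return                              # keep only the first, clean copy
        backup = self.vault / f"{process}-{len(taken)}.bak"
        shutil.copy2(path, backup)
        taken[path] = backup

    def on_verdict(self, process: str, malicious: bool) -> list:
        """Restore originals on a malicious verdict; always drop the backups."""
        restored = []
        for original, backup in self.snapshots.pop(process, {}).items():
            if malicious:
                shutil.copy2(backup, original)
                restored.append(original)
            backup.unlink()
        return restored


def demo() -> bytes:
    """Constructed scenario: a process overwrites a game save, then is convicted."""
    with tempfile.TemporaryDirectory() as tmp:
        vault = Path(tmp) / "vault"
        vault.mkdir()
        save = Path(tmp) / "slot1.sav"          # constructed sample file
        save.write_bytes(b"level=12;gold=340")
        guard = RollbackGuard(vault)
        guard.on_open("suspect.exe", save)      # first access: snapshot taken
        save.write_bytes(b"\x8f\x02\xaa\x41")   # simulated unwanted overwrite
        guard.on_open("suspect.exe", save)      # later access: clean copy kept
        guard.on_verdict("suspect.exe", malicious=True)
        return save.read_bytes()


if __name__ == "__main__":
    print(demo())
```

The snapshot is taken only on the first access, so a file that has already been overwritten can never replace its own clean copy.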

How can I protect myself?

  • Create backup copies of all your important files on a regular basis. Copies should be kept on media that are physically disconnected immediately after the backup copying is completed.
  • It is crucially important to update your software in a timely fashion, especially the web browser and its plugins.
  • Should a malicious program still land on your system, it will be best addressed by the latest version of a security product with updated databases and activated security modules.