The developers of malware, and especially ransomware, are learning from each other. TeslaCrypt is a relatively young ransomware family: the first samples of this infection were found in February 2015. TeslaCrypt became famous because of its unusual method of monetization. Unlike other ransomware, the first generation of TeslaCrypt encrypted not only documents, photos and videos, but also the files of popular games such as World of Warcraft, Minecraft, Starcraft, Diablo, Dota, Steam, etc. However, due to several technical deficiencies, the earlier TeslaCrypt 1.0 versions were not the worst ransomware. The cyber criminals tried to scare users by stating that they were using the unbreakable RSA-2048 encryption algorithm. In fact, the encryption was simple and the encryption key was stored on the user’s hard drive, so in theory a user could find it and decrypt the files.
As it turned out, the developers of TeslaCrypt learned from their mistakes. The latest version of the ransomware, recently discovered on the Internet, integrates several additional functions that prevent the decryption of stolen files and prevent the detection of the malicious command servers. TeslaCrypt 2.0 now uses elliptic curve cryptography algorithms similar to the ones used in another notorious ransomware – CTB-Locker. The way encryption keys are stored has also changed: TeslaCrypt 2.0 now uses the system registry instead of an individual file on the hard disk.
Once infected by TeslaCrypt 2.0, users will see a message with the ransom demands. Interestingly, the ransom message was copied from another similar ransomware – CryptoWall. Compared with the original, only the payment details have changed. The ransom for the stolen files is quite high – about $500 in bitcoins at the current exchange rate.
Ransomware like TeslaCrypt usually spreads together with freeware programs or through exploit kits such as Angler, Sweet Orange and Nuclear. This method works as follows: when the victim visits an infected website, the malware is installed on the system through a browser vulnerability. Most antivirus programs detect TeslaCrypt ransomware as Trojan-Ransom.Win32.Bitman. So if you see a warning message from your antivirus about this infection, do not ignore it and take immediate action.
Files encrypted by TeslaCrypt 2.0 are currently impossible to decrypt without the original key; however, in any case you should not pay the ransom. You will be scammed, lose all your money and not get the key. The best way to restore your files is from a backup copy or by restoring your computer to a previous date. However, before doing that you need to make sure that TeslaCrypt is completely removed from your computer. Therefore, we suggest that you follow our comprehensive removal guide provided below. Also, use our automatic removal tool to scan your computer for malware and clean it before restoring your data. Otherwise you risk getting infected once again.
Symptoms of a TeslaCrypt 2.0 infection on your computer can include computer crashes, an unusual homepage or search engine in your browser, unwanted pop-up ads and advertising banners. We recommend downloading our automatic removal tool. This removal tool has been tested for TeslaCrypt 2.0 threat removal and is easy to use.
My antivirus couldn’t find TeslaCrypt 2.0, but with the help of the tutorial I was able to clean my PC – Randy Sanford
Thank you so much! TeslaCrypt 2.0 was basically breaking my browser that I use for 90% of my work. You are a lifesaver! – Barbara Adler
Thank you again, this is the second time that TeslaCrypt 2.0 has sneaked into my system – John Yakob
TeslaCrypt 2.0 was bothering me every time I turn on my computer, now the problem is gone – Arthur