This article is more than 1 year old

Gamer ransomware grows up, now infecting UK, Euro businesses

TeslaCrypt pops all networked machines

Companies across Northern Europe are being smashed by the TeslaCrypt ransomware as net scum switch from extorting individuals to targeting deeper--pocketed organisations.

Those worst affected are located in the United Kingdom, France, Italy, and Spain, where a highly capable phishing campaign regularly tosses out juicy baits.

TeslaCrypt was detected in March, targeting gamers with threats that their game progress would be annihilated unless they paid attackers $500 to $1000 in Bitcoin.

The malware's perps bagged some US$76,522 from 163 victims from February to April this year, a significant haul even if rather smaller than the $3 million CryptoLocker scum pocketed in the nine months to 2014.

Heimdal Security bod Andra Zaharia says the ransomware is spreading as attachments in overdue invoice phishing emails, among others.

"In the past few days our team has seen a considerable increase in TeslaCrypt infections, a file-encrypting ransomware discovered in early 2015," Zaharia says.

"The group behind TeslaCrypt focused on individual users at first, but in this campaign the targets are mainly companies in Northern Europe.

"This time cyber criminals have decided to diversify their infection vector portfolio."

TeslaCrypt will be pulled down from external malicious websites once the JavaScript attachment is activated.

It will infect the victim's machine and impressively all those attached to the same network, encrypting files using any of 187 extensions.

The independent ground-up build of TeslaCrypt appears to be solid and as-yet resilient to reverse engineering attempts.

Only three of 55 antivirus products detect the ransomware through static VirusTotal analysis, however this is not necessarily indicative of real-world dynamic scanning results. ®

More about

TIP US OFF

Send us news


Other stories you might like