The ransomware TeslaCrypt is a Trojan known for targeting computer games such as Call of Duty, World of Warcraft, Minecraft and World of Tanks, and encrypting their game files. Once the files are encrypted, the PC user is prompted to pay a ransom of $500 worth of bitcoins to obtain the key to decrypt them.
Recently, security researchers reported that a new version of the TeslaCrypt ransomware is being distributed. According to the researchers, the latest version of TeslaCrypt encrypts files and appends a .vvv extension to them, and states that to recover those files PC users must pay $500 USD or risk seeing this amount double in less than a week.
The warning on the computer screen states:
Your files are encrypted. To get the key to decrypt files you have to pay 500 USD. If payment is not made before 25/12/15 the cost of decrypting files will increase 2 times and will be 1000 USD.
The so-called Angler Exploit Kit uses a very recently patched flaw in Adobe Flash Player up to version 18.104.22.168 (CVE-2015-8446), making it the most lethal exploit kit at the moment.
Two weeks ago, the same ransomware was seen on the blog of The Independent. At that time, security researchers at Trend Micro warned that The Independent’s blog site was serving TeslaCrypt.
The most important thing here is that if a user does not have an updated Adobe Flash Player, the vulnerable system will download the Cryptesla 2.2.0 ransomware (detected by Trend Micro as RANSOM_CRYPTESLA.YYSIX). After that, the malware changes the extension of encrypted files to “.vvv”, which is a clear sign that the virtual machine has been infected with the new version of TeslaCrypt ransomware.
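Because the appended “.vvv” extension is the visible sign of infection, a responder can sweep a disk or file share for it to see which folders were hit. The Python sketch below is an added example, not code from the researchers or Trend Micro; the function names and the sample file tree are constructed for illustration, and using the earliest modification time as a rough indication of when encryption began is an assumption.

```python
import os
import tempfile
from collections import defaultdict

MARKER = ".vvv"  # extension this TeslaCrypt version appends, per the article


def find_marked_files(root):
    """Yield (directory, original_name, mtime) for each file ending in MARKER."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(MARKER) and len(name) > len(MARKER):
                try:
                    mtime = os.stat(os.path.join(dirpath, name)).st_mtime
                except OSError:
                    continue  # file vanished or is unreadable
                yield dirpath, name[: -len(MARKER)], mtime


def triage(root):
    """Per directory: hit count, earliest mtime, and originals still present."""
    report = defaultdict(lambda: {"count": 0, "first_seen": None, "originals_left": 0})
    for dirpath, original, mtime in find_marked_files(root):
        entry = report[dirpath]
        entry["count"] += 1
        if entry["first_seen"] is None or mtime < entry["first_seen"]:
            entry["first_seen"] = mtime
        if os.path.exists(os.path.join(dirpath, original)):
            entry["originals_left"] += 1  # unencrypted copy survives beside the hit
    return dict(report)


def build_sample_tree(base):
    """Constructed sample: empty files named like a partly affected game folder."""
    names = ["saves/slot1.sav.vvv", "saves/slot2.sav.vvv", "saves/slot2.sav",
             "saves/slot3.sav", "docs/readme.txt"]
    for rel in names:
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for folder, info in triage(build_sample_tree(tmp)).items():
            print(folder, info)
```

Folders with a high count and no originals left are the ones to restore from backup first; a folder where originals remain may have been caught mid-encryption.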