TeslaCrypt appeared in February 2015 and has been spreading faster and faster since. It followed on the heels of another well-known piece of ransomware, CryptoLocker.
Usually, TeslaCrypt is delivered via the Angler Exploit Toolkit, which is planted on compromised websites to serve drive-by downloads to anyone unlucky enough to visit them. Lately, however, a few new versions of this malware have started using botnet-delivered email as a means of getting the payload to victims.
Initially, TeslaCrypt targeted gamers, encrypting not only photos and documents but also saved game files and Steam activation keys. Since then, this malware family has moved on to corporate targets and now to whomever it can find.
to pull down files such as 93[.]exe, 45[.]exe, and 26[.]exe, among others that follow the same naming convention. Some versions also make an HTTP POST request to salaeigroup[.]com.
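The two observable traits above, numeric-only executable names and a POST to the listed host, can be turned into a simple proxy-log check. This is an added example written for this post, not code from the original report; the log format, the client addresses, and the PLACEHOLDER-DROP-HOST name are constructed, and only the file names and the POST host come from the text.

```python
import re
from collections import namedtuple
# Constructed sample proxy log (not real traffic): timestamp, client, method, host, path, status.
SAMPLE_LOG = """\
2015-12-01T10:02:11Z 10.0.0.12 GET  cdn.example.net /static/app.js 200
2015-12-01T10:02:15Z 10.0.0.12 GET  PLACEHOLDER-DROP-HOST /93.exe 200
2015-12-01T10:02:16Z 10.0.0.12 GET  PLACEHOLDER-DROP-HOST /45.exe 200
2015-12-01T10:02:40Z 10.0.0.12 POST salaeigroup.com /ping 200
2015-12-01T10:03:01Z 10.0.0.33 GET  files.example.org /report2015.pdf 200
2015-12-01T10:03:05Z 10.0.0.33 GET  files.example.org /setup123.exe 200
2015-12-01T10:04:00Z 10.0.0.45 GET  PLACEHOLDER-DROP-HOST /26.exe 200
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<method>[A-Z]+)\s+"
    r"(?P<host>\S+)\s+(?P<path>\S+)\s+(?P<status>\d{3})$"
)
# 93.exe, 45.exe, 26.exe: digits only before .exe, so setup123.exe does not match.
NUMERIC_EXE = re.compile(r"^/\d+\.exe$", re.IGNORECASE)
# Host the report saw receiving an HTTP POST (defanged in the text as salaeigroup[.]com).
POST_HOSTS = {"salaeigroup.com"}

Alert = namedtuple("Alert", "ts src kind detail")

def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def scan(log_text):
    """Flag numeric-named .exe downloads and POSTs to the listed host."""
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["method"] == "GET" and NUMERIC_EXE.match(rec["path"]):
            alerts.append(Alert(rec["ts"], rec["src"], "numeric_exe", rec["path"]))
        elif rec["method"] == "POST" and rec["host"].lower() in POST_HOSTS:
            alerts.append(Alert(rec["ts"], rec["src"], "post_to_listed_host", rec["host"]))
    return alerts

def triage(alerts):
    """Per client: 'high' when both indicator kinds are seen, otherwise 'medium'."""
    kinds = {}
    for a in alerts:
        kinds.setdefault(a.src, set()).add(a.kind)
    return {src: ("high" if len(k) == 2 else "medium") for src, k in kinds.items()}

if __name__ == "__main__":
    print(triage(scan(SAMPLE_LOG)))
```

A client that both fetched a numeric-named executable and posted to the listed host is the one to isolate first; a download alone still warrants a look at the endpoint.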
An intriguing detail about these versions is that some show an earlier received date even though they are arriving now. This could be by design, or some of them could have been held on their respective remote hosts until today; regardless, they remain just as dangerous and should be avoided.
In any case, users should be aware that ransomware attacks show no real sign of slowing down, as they appear to be highly effective. Ransomware is out there in full force, so systems should be backed up regularly and ransoms should not be paid.