A Peek Inside TeslaCrypt Ransomware

May 20, 2015

Criminals offer online help over Tor network

The security research firm FireEye has released a study into the activities of the criminal group behind the TeslaCrypt ransomware tool. Like other ransomware variants, TeslaCrypt encrypts the data on the victim's computer then posts a notice demanding that the victim pay money to get their data back. TeslaCrypt, which is distributed via the Angler exploit kit, demands a payment in the range of $150 to $1,000 – preferably in Bitcoins.

FireEye tracked the payment through Bitcoin reporting mechanisms. The TeslaCrypt gang encrypted 1,231 systems between February and April 2015 and extracted  payment from 163 victims for a total revenue of $76,522. More interesting than the financial data are the examples of correspondence between the criminals and the victims. TeslaCrypt appears to place a high value on “user-friendliness,” with an interactive customer support channel for users who have questions about how to pay the ransom. The correspondence reads almost like a Kafka-inspired parody of customer service – with the criminals helping victims through the steps of obtaining Bitcoins and letting them upload one file for decryption as a “free sample.”

A team at Cisco figured out how to break the TeslaCrypt encryption and released the solution on April 27.

Related content

comments powered by Disqus
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters

Support Our Work

Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.

Learn More