A Peek Inside TeslaCrypt Ransomware

May 20, 2015

Criminals offer online help over Tor network

The security research firm FireEye has released a study into the activities of the criminal group behind the TeslaCrypt ransomware tool. Like other ransomware variants, TeslaCrypt encrypts the data on the victim's computer and then posts a notice demanding that the victim pay money to get their data back. TeslaCrypt, which is distributed via the Angler exploit kit, demands a payment in the range of $150 to $1,000 – preferably in Bitcoins.

FireEye tracked the payment through Bitcoin reporting mechanisms. The TeslaCrypt gang encrypted 1,231 systems between February and April 2015 and extracted payment from 163 victims for a total revenue of $76,522. More interesting than the financial data are the examples of correspondence between the criminals and the victims. TeslaCrypt appears to place a high value on “user-friendliness,” with an interactive customer support channel for users who have questions about how to pay the ransom. The correspondence reads almost like a Kafka-inspired parody of customer service – with the criminals helping victims through the steps of obtaining Bitcoins and letting them upload one file for decryption as a “free sample.”

A team at Cisco figured out how to break the TeslaCrypt encryption and released the solution on April 27.
