New version of TeslaCrypt ups ante for ransomware

Researchers at Endgame detected stronger obfuscation strategies embedded into the one-week-old TeslaCrypt 4.1A.
The scourge of ransomware is not only increasing; the primary target for attacks is also shifting.

According to a new study from Endgame, while ransomware formerly was focused on larger high-value targets, such as hospitals, two updates in the latest version of the notorious TeslaCrypt illustrate that it is not only spreading wider, but it is also evolving with new capabilities.

A new iteration of the TeslaCrypt ransomware is targeting a number of new extensions, most notably: .7z; .apk; .asset; .avi; .bak; .bik; .bsa; .csv; .d3dbsp; .das; .forge; .iwi; .lbf; .litemod; .litesql; .ltx; .m4a; .mp4; .rar; .re4; .sav; .slm; .sql; .tiff; .upk; .wma; .wmv; and .wallet.

Endgame detected stronger obfuscation strategies – such as AV evasion, anti-debugging and stealth – embedded into the one-week-old TeslaCrypt 4.1A. Further, the plight is reaching into personal networks and "growing sophistication presents significant challenges to the security community and significant threats to users of all kinds," the report stated.

The malware is spreading via a flood of spam campaigns, the researchers said, noting that while demanding smaller sums of money, the attacks still remain profitable as they're reaching a wider audience.