
Microsoft updates Malicious Software Removal Tool to address Tescrypt infections

Microsoft yesterday updated its Malicious Software Removal Tool, which detects and remediates malware, to deal with ransomware that falls under the Tescrypt family.

The move to protect against this specific threat follows an August spike in infections, Microsoft wrote in a blog post. The company noted that prior to August, infections were “steady but low,” and after they spiked later in the month, detections fell but remained “higher than before that first peak in late August.”

The U.S. accounts for the majority of infections since September with 39 percent; the United Kingdom had about 7 percent, and Canada about 6 percent. The ransomware typically spreads through the Angler Exploit Kit (EK), Nuclear EK, Fiesta EK or the Sweet Orange EK.

Tescrypt has also gone by TeslaCrypt and AlphaCrypt in earlier versions, and occasionally masquerades as other ransomware families.

Microsoft's update for this ransomware threat should remove it from impacted Windows devices, the company wrote. In some cases, however, a user might have to download and run Windows Defender Offline to restore a PC.

The company's move to acknowledge and address Tescrypt as a threat follows a warning this summer from the Internet Crime Complaint Center (IC3) about CryptoWall. While that ransomware differs from Tescrypt in its targets and specific actions, IC3 deemed it the most “current and significant ransomware threat” targeting U.S. individuals and businesses.

One difference is that TeslaCrypt targets video game files in particular.
