“TeslaCrypt”的意思、由来-开放百科全书

TeslaCrypt was a ransomware trojan. It is now defunct, and its master key was released by the developers.

In its early forms, TeslaCrypt targeted game-play data for specific computer games.^[1]^[2]^[3]^[4] Newer variants of the malware also affect other file types.

In its original, game-player campaign, upon infection the malware searched for 185 file extensions related to 40 different games, which include the Call of Duty series, World of Warcraft, Minecraft and World of Tanks, and encrypted such files. The files targeted involve the save data, player profiles, custom maps and game mods stored on the victim's hard drives. Newer variants of TeslaCrypt were not focused on computer games alone but also encrypted Word, PDF, JPEG and other files. In all cases, the victim would then be prompted to pay a ransom of $500 worth of bitcoins in order to obtain the key to decrypt the files.^[2]^[5]

Although resembling CryptoLocker in form and function, Teslacrypt shares no code with CryptoLocker and was developed independently. The malware infected computers via the Angler Adobe Flash exploit.^[2]^[6]

Even though the ransomware claimed TeslaCrypt used asymmetric encryption, researchers from Cisco's Talos Group found that symmetric encryption was used and developed a decryption tool for it.^[7] This "deficiency" was changed in version 2.0, rendering it impossible to decrypt files affected by TeslaCrypt-2.0.^[8]

By November 2015, security researchers from Kaspersky had been quietly circulating that there was a new weakness in version 2.0, but carefully keeping that knowledge away from the malware developer so that they could not fix the flaw.^[9] As of January 2016, a new version 3.0 was discovered that had fixed the flaw.^[10]

A full behavior report, which shows BehaviorGraphs and ExecutionGraphs was published by JoeSecurity.^[11]

In May 2016, the developers of TeslaCrypt shut down the ransomware and released the master decryption key, thus bringing an end to the ransomware.^[12] After a few days, ESET released a public tool to decrypt affected computers at no charge.^[13]

References

1. ^{{cite web|url=http://www.bleepingcomputer.com/forums/t/568525/new-teslacrypt-ransomware-sets-its-scope-on-video-gamers/|title=New TeslaCrypt Ransomware sets its scope on video gamers|date=27 February 2015|website=BleepingComputer|first=Lawrence|last=Abrams}}
2. ^¹²{{cite web|url=https://www.bbc.com/news/technology-31869589|title=Gamers targeted by ransomware virus|date=13 March 2015|website=BBC News|accessdate=14 March 2015}}
3. ^{{cite web|url=https://arstechnica.com/security/2015/03/cryptolocker-look-alike-searches-for-and-encrypts-pc-game-files/|title=CryptoLocker look-alike searches for and encrypts PC game files|date=Mar 12, 2015|author=Sean Gallagher|website=Ars Technica|accessdate=14 March 2015}}
4. ^{{cite web|url=http://www.zdnet.com/article/new-cryptolocker-ransomware-targets-gamers/|title=New CryptoLocker ransomware targets gamers|date=March 13, 2015|website=ZDNet|accessdate=14 March 2015}}
5. ^{{cite web|url=https://www.securityweek.com/teslacrypt-ransomware-encrypts-video-game-files|title=TeslaCrypt Ransomware Encrypts Video Game Files|date=March 13, 2015|website=Security Week|accessdate=14 March 2015|deadurl=yes|archiveurl=https://web.archive.org/web/20150314182407/http://www.securityweek.com/teslacrypt-ransomware-encrypts-video-game-files|archivedate=14 March 2015|df=}}
6. ^{{cite web|url=http://labs.bromium.com/2015/03/12/achievement-locked-new-crypto-ransomware-pwns-video-gamers/|title=Achievement Locked: New Crypto-Ransomware Pwns Video Gamers|date=March 12, 2015|website=Bromium Labs|accessdate=14 March 2015}}
7. ^{{cite web|url=http://www.pcworld.com/article/2915812/decryption-tool-available-for-teslacrypt-ransomware-that-targets-games.html|title=Decryption tool available for TeslaCrypt ransomware that targets games|date=2015 |website=PC World|accessdate=17 May 2015}}
8. ^{{cite web|url=https://securelist.com/blog/research/71371/teslacrypt-2-0-disguised-as-cryptowall/|title=TeslaCrypt 2.0 disguised as CryptoWall|website=securelist|accessdate=5 November 2015|first=Fedor|last=Sinitsin|publisher=AO Kaspersky Lab}}
9. ^{{cite web|url=http://www.bleepingcomputer.com/news/security/teslacrypt-decrypted-flaw-in-teslacrypt-allows-victims-to-recover-their-files/|title=TeslaCrypt Decrypted: Flaw in TeslaCrypt allows Victim's to Recover their Files|website=BleepingComputer|accessdate=21 January 2016|first=Lawrence|last=Abrams|publisher=2015 Bleeping Computer LLC}}
10. ^{{cite web|url=http://www.bleepingcomputer.com/news/security/teslacrypt-3-0-released-with-new-encryption-algorithm-and-xxx-file-extensions/ |title=TeslaCrypt 3.0 Released with Modified Algorithm and .XXX, .TTT, and .MICRO File Extensions|website=BleepingComputer|accessdate=21 January 2016|first=Lawrence|last=Abrams|publisher=2015 Bleeping Computer LLC}}
11. ^{{cite web|url=http://joesecurity.org/reports/report-43855c9d765fe7da2adcc4e6fb9d237c.html|title=BehaviorReport Ransomware Teslacrypt|website=securelist|accessdate=29 Dec 2015|publisher=Joe Security}}
12. ^{{Cite web|url=http://www.bleepingcomputer.com/news/security/teslacrypt-shuts-down-and-releases-master-decryption-key/|title=TeslaCrypt shuts down and Releases Master Decryption Key|website=BleepingComputer|language=en-us|access-date=2016-05-19}}
13. ^{{Cite web|url=https://www.guru3d.com/news-story/criminals-give-away-universal-unlock-key-for-teslacrypt-ransomware.html|title=Criminals give away universal unlock key for TeslaCrypt-ransomware|website=Guru3D.com|others=Guru3D.com|access-date=2018-04-01}}