Ransomware has been the trending topic of conversation in 2016. Particularly during the months of March, April and May Google Trends shows the cyber attack is on the minds of everyone surfing the web. One of these online threats was the infamous TeslaCrypt application that has made headlines lately by infecting gamers on an extensive level. The program locks up the user’s files and demand Bitcoins in order to receive the decryption key. However, it was recently reported that the organization of hackers who created the ransomware has released the keys to unlock the program.
Google Trends Shows Internet Users Are Concerned About RansomwareAttacks with deployed versions of ransomware have been reported on quite steadily lately and for good reason as solutions are appearing shortly after by many security organizations. One such resource a publication called Welivesecurity is a group of ESET experts publishing helpful support information for the public. Welivesecurity recently revealed they had contacted the hacker-group who created TeslaCrypt through the support line that victims use to mitigate the ransom process. The ESET security experts asked for the universal master decryption key, and surprisingly enough they complied. This has allowed the security team to create a free decrypting tool, so people who have been extorted don’t have to pay the Bitcoin fee.
TeslaCrypt is officially a ransomware trojan and initially attacked PC gamers scanning computer files for saved game data and infecting the owner’s computer. In later variations, TeslaCrypt was also known to infect other types of PC files, but most extensions were found in over 40 multiplayer games and typically were downloaded through fraudulent updates. Games included the Call of Duty series, World of Warcraft, Minecraft and more. Now since the ESET experts released the free tool the TeslaCrypt software and associated variants are considered “defunct” by security experts and Wikipedia.
When the experts contacted the hackers associated with the TeslaCrypt platform, the virus creators said, “we are sorry.” Some victims were charged upwards of a thousand dollars in Bitcoin over the course of the viruses lifespan. Naked Security by Sophos cyber-expert Paul Ducklin explains that typically thieves don’t just give away the master key. Ducklin states in a Naked Security post saying:
“Of course, only victims who have been hit recently and haven’t yet paid up, or victims who backed up their already-encrypted data just in case, will get much use out of the master key at this stage. Why did the crooks do it? That really is the $64,000 question, and we shall probably only ever be able to guess at the answer.”
No one knows why the cyber-thieves released the master key to ESET security experts. It’s possible they have moved on to working on a superior ransomware application. However patience is key, and victims have hastily paid the cryptocurrency ransom well before the release of certain decryption tools. Some organizations such as the Hollywood Presbyterian Medical Center felt they couldn’t wait and paid extortion fees of roughly $17,000 USD in Bitcoin to thieves. A hospital in Ottawa was attacked but did not give in right away and shortly after that the “Locky” decryption key was made public. Now that TeslaCrypt and Locky are defunct mechanisms the question is what is to come in the future? Are cyber-attackers getting smarter or are their ransomware applications becoming too easy to solve?
Source: Welivesecurity, and Sophos