Skip to main content

TeslaCrypt ransomware grows as victims pay up

Hacker
hamburg_berlin/Shutterstock
Ransomware continues to be a lucrative method for cyber criminals looking to extort money from vulnerable users. According to a new report from FireEye, the latest strain of ransomware TeslaCrypt (also known as Alpha Crypt) has yielded $76,522 for its authors since February, from 163 victims.

Other examples of ransomware like Cryptolocker and TorLocker have extorted huge sums of money from users across the globe. TeslaCrypt’s performance so far shows us that ransomware is still performing well despite growing awareness around the technique.

FireEye was able to track payments made to cybercriminals between February and April, as most payments are made in Bitcoin, though in some cases they accept PayPal My Cash cards. Ransoms ranged from $150 to as high as $1,000.

The researchers note that authors of the ransomware had little bias in who they targeted, which included students in Iran and Spain, who were afraid of losing their valuable college assignments and coughed up the ransom. TeslaCrypt also infected a non-profit that works towards a cure for blood cancer.

FireEye pointed out that many victims, like small businesses, were simply unable to pay and gave up, and as a result lost their data.

The security firm recovered several of the notices that TeslaCrypt’s creators were using when they encrypted someone’s files and has even published some of the messages between victim and perpetrator.

“I understand the terms of your demand, but I simply do not have the amount you’re requesting. Would you please consider a lesser amount. The absolute most I can do is $100 on Paypal,” wrote one victim, who was told the minimum was $250.

Some victims were actually successful in bargaining their ransom down. When cybercriminals come across a victim that just does not have the money, they may very well reduce the cost, as something is better than nothing.

One victim is even seen pleading with the ransomware author to decrypt his files so he can file his tax return and retrieve work-related data required for his job.

FireEye adds that even after payment, there is no guarantee that the criminals know how to decrypt your files, may not even bother.

“Unfortunately, the decryption does not always work. Sometimes the victims are infected with different types of malware that interfere with one another or bugs in the ransomware prevent all the victims’ files from being decrypted,” said FireEye’s Nart Villeneuve.

Villeneuve adds that FireEye anticipates ransomware will continue to grow. “The tools are easy to employ, and even inexperienced intruders can generate a quick profit from Internet users around the world who are desperate to recover their files and pay the ransom,” he said.

Cryptolocker, perhaps the most infamous ransomware type, has reportedly generated three million in transactions since 2013, so it’s easy to see why cyber-criminals are launching so many ransomware campaigns.

Jonathan Keane
Former Digital Trends Contributor
Jonathan is a freelance technology journalist living in Dublin, Ireland. He's previously written for publications and sites…
A dangerous new jailbreak for AI chatbots was just discovered
the side of a Microsoft building

Microsoft has released more details about a troubling new generative AI jailbreak technique it has discovered, called "Skeleton Key." Using this prompt injection method, malicious users can effectively bypass a chatbot's safety guardrails, the security features that keeps ChatGPT from going full Taye.

Skeleton Key is an example of a prompt injection or prompt engineering attack. It's a multi-turn strategy designed to essentially convince an AI model to ignore its ingrained safety guardrails, "[causing] the system to violate its operators’ policies, make decisions unduly influenced by a user, or execute malicious instructions," Mark Russinovich, CTO of Microsoft Azure, wrote in the announcement.

Read more