Skip to main content

TeslaCrypt ransomware grows as victims pay up

Ransomware continues to be a lucrative method for cyber criminals looking to extort money from vulnerable users. According to a new report from FireEye, the latest strain of ransomware TeslaCrypt (also known as Alpha Crypt) has yielded $76,522 for its authors since February, from 163 victims.

Other examples of ransomware like Cryptolocker and TorLocker have extorted huge sums of money from users across the globe. TeslaCrypt’s performance so far shows us that ransomware is still performing well despite growing awareness around the technique.

FireEye was able to track payments made to cybercriminals between February and April, as most payments are made in Bitcoin, though in some cases they accept PayPal My Cash cards. Ransoms ranged from $150 to as high as $1,000.

The researchers note that authors of the ransomware had little bias in who they targeted, which included students in Iran and Spain, who were afraid of losing their valuable college assignments and coughed up the ransom. TeslaCrypt also infected a non-profit that works towards a cure for blood cancer.

FireEye pointed out that many victims, like small businesses, were simply unable to pay and gave up, and as a result lost their data.

The security firm recovered several of the notices that TeslaCrypt’s creators were using when they encrypted someone’s files and has even published some of the messages between victim and perpetrator.

“I understand the terms of your demand, but I simply do not have the amount you’re requesting. Would you please consider a lesser amount. The absolute most I can do is $100 on Paypal,” wrote one victim, who was told the minimum was $250.

Some victims were actually successful in bargaining their ransom down. When cybercriminals come across a victim that just does not have the money, they may very well reduce the cost, as something is better than nothing.

One victim is even seen pleading with the ransomware author to decrypt his files so he can file his tax return and retrieve work-related data required for his job.

FireEye adds that even after payment, there is no guarantee that the criminals know how to decrypt your files, may not even bother.

“Unfortunately, the decryption does not always work. Sometimes the victims are infected with different types of malware that interfere with one another or bugs in the ransomware prevent all the victims’ files from being decrypted,” said FireEye’s Nart Villeneuve.

Villeneuve adds that FireEye anticipates ransomware will continue to grow. “The tools are easy to employ, and even inexperienced intruders can generate a quick profit from Internet users around the world who are desperate to recover their files and pay the ransom,” he said.

Cryptolocker, perhaps the most infamous ransomware type, has reportedly generated three million in transactions since 2013, so it’s easy to see why cyber-criminals are launching so many ransomware campaigns.

Editors' Recommendations

Jonathan Keane
Former Digital Trends Contributor
Jonathan is a freelance technology journalist living in Dublin, Ireland. He's previously written for publications and sites…
Ransomware learns the art of customer service to help victims pay up
mongodb database ransom rusty padlock

Ransomware criminals are getting savvier in collecting ransoms by borrowing friendly customer service and marketing techniques from traditional industries.

Reuters reports on how the town of Tewksbury, Massachusetts was struck by ransomware last year when its police department was locked down by CryptoLocker. The virus, which encrypts valuable files demanded a ransom of $500, to be paid in bitcoin, to retrieve the files – a ransom that the police department ultimately paid.

Read more
Pre-boot malware Nemesis targets financial systems with data theft
Man frustrated at computer.

One of the more interesting revelations about the snooping tactics employed by the NSA over the past few years was that the agency had managed to install malware into hard-drive firmware in order to get around deletion during formats. While not as complicated as that, Nemesis malware uses a similar system by hiding outside the reaches of normal clean-ups, dodging even operating system reinstalls by hiding in the boot-record.

IT professionals who don't want the malware equivalent of the Nemesis character pictured above rampaging within the systems they manage will be on guard against this possibility.

Read more
New ransomware surprises victims with its affiliate program
A hacker inputting code into a system.

Roll up, roll up, who wants to make some money ruining the prized memories of computer users around the world? You do? Well you're in luck, as the nefarious individuals behind the ransomware "Chimera," have placed an advert in their latest creation, offering anyone affected by its software to join its affiliate program and help spread the wondrous destruction of the malware.

In many ways the Chimera ransomware is quite typical. Once a machine is infected, it hunts out potentially important documents, images and files and encrypts them, only offering to give the decryption key if the affected user pays up. It does however go one step further and states that if the user holds out and doesn't pay, the content may be posted online for all to see.

Read more