Remove TeslaCrypt

A new ransomware called TeslaCrypt is one of the latest threats for Windows users. As you probably know already, ransomware is a virus that encrypts every personal file on your computer and demands a ransom to give you back access to them.

Much like Cryptowall or Cryptolocker, once on your PC TeslaCrypt searches for every file that might have some value to you: Word and Excel files as well as pictures are the obvious choices. However, TeslaCrypt doesn’t stop there: it also encrypts backup data from video games installed on your computer. TeslaCrypt can encrypt files from over 40 games, including Call of Duty, StarCraft 2, Diablo, Fallout 3, Minecraft, Half-Life 2, Dragon Age: Origins, Skyrim and WarCraft 3, among others.

Another important difference between TeslaCrypt and other ransomware is that, for the first time, this kind of infection accepts payment by a method other than bitcoin: PayPal My Cash cards. These are prepaid cards sold in shops in the United States; money can be loaded onto them and then used in a PayPal account. If you pay with PayPal My Cash, the ransom is $1000; with bitcoin the amount is $500.

TeslaCrypt is deployed by malicious websites that use a combination of Flash and iframes to infect their visitors. Once it has infected a machine, it scans every hard drive on your computer and encrypts the file types mentioned above using AES encryption. Every encrypted file has the .ecc extension added to its name. Afterwards it executes a command that erases every backup and restore point created by Windows. This is a clever way to stop you from getting your files back from one of these sources.

Finally, TeslaCrypt changes your wallpaper to a picture asking for the ransom and creates a file called HELP_TO_DECRYPT_YOUR_FILES.txt on your desktop. A window appears explaining what has happened to your files and warning you that you have 3 days to pay. This window has special fields where you can verify whether your payment has been accepted and enter the keys to recover your files, plus a link to a TOR site where you can recover one file as a test.
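A read-only triage scan for the two on-disk indicators named above (the appended .ecc extension and the HELP_TO_DECRYPT_YOUR_FILES.txt note), given here as an added example that is not part of the original article. The function names and the sample directory tree are constructed for illustration; point `triage()` at a real folder to inventory what was affected.

```python
import os
import tempfile
from collections import Counter

ENCRYPTED_SUFFIX = ".ecc"                       # extension named on this page
RANSOM_NOTE = "HELP_TO_DECRYPT_YOUR_FILES.txt"  # note file named on this page


def triage(root):
    """Walk root (read-only) and inventory the artifacts described above."""
    encrypted, notes, by_type = [], [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower() == RANSOM_NOTE.lower():
                notes.append(path)
            elif name.lower().endswith(ENCRYPTED_SUFFIX):
                # The suffix is appended to the name, so the original
                # file type is still visible underneath it.
                original = name[: -len(ENCRYPTED_SUFFIX)]
                ext = os.path.splitext(original)[1].lower() or "(none)"
                by_type[ext] += 1
                encrypted.append(path)
    return {"encrypted": sorted(encrypted), "notes": sorted(notes),
            "by_type": dict(by_type)}


def build_sample_tree(root):
    """Constructed sample data: empty files that only mimic the naming."""
    names = ["Documents/report.docx.ecc", "Documents/budget.xlsx.ecc",
             "Pictures/holiday.jpg.ecc", "Pictures/untouched.png",
             "Desktop/HELP_TO_DECRYPT_YOUR_FILES.txt"]
    for rel in names:
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        open(full, "w").close()


def demo():
    """Run the scan over the constructed tree and return a summary."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = triage(tmp)
        return len(result["encrypted"]), len(result["notes"]), result["by_type"]


if __name__ == "__main__":
    count, notes, by_type = demo()
    print(f"{count} encrypted files, {notes} ransom note(s), by type: {by_type}")
```

The per-type counts show which kinds of documents need to be restored from offline backups, since the Windows restore points are erased as described above.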

Michelle Lopez: