TeslaCrypt ransomware implements sophisticated evasion in a new strain!

Cybercriminals have introduced some significant improvements in the new TeslaCrypt ransomware version 4.1.

The creators of the TeslaCrypt ransomware don’t sleep. They have implemented new, sophisticated evasion techniques and extended the malware to target new file types. The new version has been circulating for about a week now. According to security experts, the cybercriminals have invested seriously in obfuscation and evasion techniques. The malicious code can now also encrypt files with the following extensions: .avi; .bak; .7z; .apk; .asset; .bik; .bsa; .csv; .d3dbsp; .das; .litemod; .litesql; .ltx; .forge; .iwi; .lbf; .m4a; .mp4; .rar; .re4; .wma; .wmv; .sav; .slm; .sql; .tiff; .upk; and .wallet.

Over the last few years, ransomware has become more widespread, more sophisticated and more adaptable than ever. TeslaCrypt 4.1A is just a week old and is already equipped with even stronger deception and evasion techniques. Its previous version appeared over a year ago.


The new strain of TeslaCrypt uses AES-256 to encrypt files and also targets backups by deleting the Volume Shadow Copies. Like its previous versions, it spreads as an attachment in spam campaigns, usually claiming to be a shipping delivery notification. When a victim clicks on the malicious .zip attachment, a JavaScript downloader runs automatically and downloads the TeslaCrypt ransomware onto the computer.

The new TeslaCrypt 4.1A strain is more sophisticated and deletes zone identifiers in order to avoid detection by antivirus software. It blocks antivirus scans by using an anti-monitoring feature that even stops Windows tools such as Task Manager, Registry Editor, Command Shell, Process Explorer and System Configuration from running. This strain also makes sure it remains on the system by making a copy of itself on the hard disk and creating a registry entry that points to the copy.
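The behaviours described above (a JavaScript downloader started from a mail attachment, shadow-copy deletion, a registry entry pointing at a copy of the malware) can be hunted for together in endpoint logs. The following is an added example, not code from the original article: the events are constructed and modelled on Sysmon IDs 1 and 13, and the field names, the use of `vssadmin` for shadow-copy deletion, the Run-key location and the two-behaviour threshold are all assumptions.

```python
import re
from collections import defaultdict

# Constructed events modelled on Sysmon ID 1 (process create) and ID 13
# (registry value set). Hosts, users and file names are made up.
EVENTS = [
    {"host": "pc-01", "id": 1, "image": r"C:\Windows\System32\wscript.exe",
     "cmdline": r'wscript.exe "C:\Users\al\AppData\Local\Temp\Temp1_notice.zip\notice.js"'},
    {"host": "pc-01", "id": 1, "image": r"C:\Windows\System32\vssadmin.exe",
     "cmdline": "vssadmin.exe Delete Shadows /All /Quiet"},
    {"host": "pc-01", "id": 13,
     "target": r"HKU\S-1-5-21-0\Software\Microsoft\Windows\CurrentVersion\Run\upd",
     "details": r"C:\Users\al\Documents\upd.exe"},
    {"host": "pc-02", "id": 1, "image": r"C:\Windows\System32\vssadmin.exe",
     "cmdline": "vssadmin list shadows"},          # read-only admin query
    {"host": "pc-02", "id": 13,
     "target": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Backup",
     "details": r"C:\Program Files\Backup\agent.exe"},
    {"host": "pc-03", "id": 13,
     "target": r"HKU\S-1-5-21-0\Software\Microsoft\Windows\CurrentVersion\Run\chat",
     "details": r"C:\Users\bo\AppData\Local\chat\chat.exe"},
]

SCRIPT_HOST = re.compile(r"\\[wc]script\.exe$", re.I)
JS_IN_TEMP = re.compile(r"\\Temp\\[^\"]*\.jse?\b", re.I)   # script opened from an archive
VSS_DELETE = re.compile(r"\bvssadmin(\.exe)?\"?\s+delete\s+shadows\b", re.I)
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.I)
USER_EXE = re.compile(r"^\"?[a-z]:\\Users\\.*\.exe\b", re.I)  # autostart from a user-writable path

def classify(ev):
    """Return the name of the behaviour an event matches, or None."""
    if ev["id"] == 1:
        if SCRIPT_HOST.search(ev["image"]) and JS_IN_TEMP.search(ev["cmdline"]):
            return "js_from_temp"
        if VSS_DELETE.search(ev["cmdline"]):
            return "shadow_copy_delete"
    elif ev["id"] == 13:
        if RUN_KEY.search(ev["target"]) and USER_EXE.search(ev["details"]):
            return "run_key_user_path"
    return None

def alerts(events, threshold=2):
    """Map each host with >= threshold distinct behaviours to those behaviours."""
    seen = defaultdict(set)
    for ev in events:
        label = classify(ev)
        if label:
            seen[ev["host"]].add(label)
    return {h: sorted(b) for h, b in seen.items() if len(b) >= threshold}
```

Requiring several distinct behaviours on one host keeps a lone autostart entry or a read-only `vssadmin` query from raising an alert on its own.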

Several big ransomware attacks have made the headlines in the mere four months since the turn of the year, and the situation is worsening. If you want to protect yourself from becoming a victim of ransomware and the other threats lurking online, our “How to remove” team advises you to stay informed about new threats and to follow the basic online security rules. It is better to invest in reputable anti-malware software now than to be sorry later.