As the current wave of ransomware rages on, one stands out in its ability to adapt: TeslaCrypt. Although it emerged only in 2015, we are currently witnessing the malware’s third generation. Since its debut, it has transformed itself, fixing its flaws and vastly improving its ability to evade detection. It has also expanded its distribution methods, which now include using exploit kits.
As part of our ongoing efforts to understand and protect against the latest new and emerging malware, Check Point researchers have thoroughly studied TeslaCrypt version 3.0.1. Our report, Looking Into TeslaCrypt V3.0.1, provides a detailed analysis of the malware and its operation and presents several techniques which can be used to detect and block TeslaCrypt’s operation – before it is too late.
Generation 3.0 introduces an important new capability: it can encrypt files offline, without first contacting its C&C servers. This lets it operate with relative ease, since there is no C&C traffic for security controls to detect and block before encryption completes. TeslaCrypt 3.0.1 also keeps a low profile, running at low priority and terminating processes it regards as suspicious so as to avoid detection. Both behaviours show the malware writers' desire to keep the malware running as long as possible in order to maximize its results.
The following Check Point products provide comprehensive protection against all stages of the infection chain used by TeslaCrypt: