Apple might be currently talking about its unbreakable encryption and how it's a good thing for privacy, but the FBI ruing it. The privacy arguement certainly stannds up to scrutiny, but strong encryption can also be used as a weapon, as demonstrated by countless examples of ransomware. There are numerous breeds of ransomware out there, but one of the most prolific is TeslaCrypt.
It's just a year since the first version of TeslaCrypt appeared on the scene, and it's gone through various updates and iterations over the ensuing months. Now it's hit version 4 and as well as continuing to threaten victims with sharing their files online, it also boasts what is being referred to as 'unbreakable encryption'.
Heimdal Security warns that not only is the ransomware more powerful than ever, it has also been patched with a number of 'bug fixes'. This means that it is now better equipped to deal with very large files, while the use of RSA 4096 means that recovery of data is completely impossible. Specialists at Heimdal Security say that the previously-reliable TeslaDecoder tool is now worthless.
Until now, files larger than 4 GB would get permanently damaged when encrypted. As another improvement, this is no longer an obstacle for the attackers.
In the case of data compromise, only two options remain: to restore the data from a secure backup or to pay the ransom (which we don't recommend).
The latest version of the ransomware leaks even more information to remote server than previous releases. Heimdal Security says:
Once the malicious code is run, the attackers can extract even more data than before from the local machine. The harvested data is then compiled into a unique key, while, at the same time, the ransomware will recruit the affected PC into a central botnet.
The collected data includes: 'MachineGuid' (a unique identifier pertaining to every PC), 'DigitalProductID' (the Windows operating system key) and 'SystemBiosDate' (the current time of the affected PC).
Similarly to previous campaign, TeslaCrypt 4 is being dispersed through drive-by attacks carried out using the Angler exloit kit infrastructure. Over 600 domains spreading Angler have been blocked today and the daily average is predicted to increase to up 1200 domains per day, on average.
The speed with which TeslaCrypt is being developed is worrying, and it seems all but impossible for anti-malware tools to keep pace. In the event of infection, the only real recourse is to fall back on a backup, so the advice would be to make sure that one exists and is kept up to date. This of course does nothing to mitigate against the damage following the leaking of private data, whether it belongs to an individual or a company.
Photo credit: ronstik / Shutterstock