In the connected future we now live in, software is never broken for long. If you buy a program, an app or a video game that doesn’t work as intended, the developers can send out a patch within a matter of days or even hours.
But there’s a downside to software patches being relatively easy to roll out. It means that hackers can fix the malware they distribute after security experts find workarounds, which is exactly what happened in the case of TeslaCrypt.
If you’ve never heard of TeslaCrypt, the Cisco Talos Security Intelligence and Research Group describes it as one of the most common variants of ransomware on the Internet. Once it finds its way onto your computer, it attempts to “encrypt users’ files and then presents a message demanding the user to pay a ransom.”
As Cisco explains, the security community managed to disrupt its distribution mechanisms and develop improved detection methods, but the hackers saw this as a roadblock to overcome, and now TeslaCrypt 3 has made its way out into the wild.
Here’s why the new version of the ransomware is so dangerous: “The former variant had a weakness in its way to store the encryption key, which enabled researchers to provide a tool for decryption of the files encrypted by TeslaCrypt,” Cisco’s Andrea Allievi and Holger Unterbrink write on the Talos blog. “Unfortunately, so far we are not aware of any tool which can do the same for this variant of TeslaCrypt.”
In other words, if you get hit by TeslaCrypt 3.0.1 (the latest version of the ransomware at the time of writing), you either have to pay the ransom or restore your computer from a backup.
“We can not say it loud and often enough, ransomware has become the black plague of the internet, spread by highly sophisticated Exploit Kits and countless spam campaigns,” Cisco concludes. “The adversaries are modifying and improving it in every version. Anyone can become a victim if you are hit by a new version, as yet undetected by your AV software. Don’t rely on decryption tools, make sure you have BACKUPS and that they are up to date.”