TeslaCrypt 3 might be the most dangerous ransomware in the wild

Software developers usually, or at least should, quickly work to patch up security holes that could be exploited to the detriment of their users. It seems almost ironic but also expected that the very same mentality and process would be used by those who write malware in order to plug up the holes in their own software. The end result is, of course, a more robust malware that is even harder to crack and fight. That does seem to be the case with TeslaCrypt 3, the latest version of a ransomware that is now proving to be impossible to crack.

Ransomware isn't actually new, but the rate of its growth and spread has increased in the past few years. It has spread beyond the usual PC target to even smartphones. Considering the amount of data users generate each day even on their mobile devices, those become a goldmine for hackers and malware writers. In essence, ransomware encrypts a user's files, without his or her knowledge of course, and then demands a certain sum in exchange for decrypting those files.

As the number says, TeslaCrypt is already in its third major iteration, with 3.0.1 the most current one in existence. Previous versions of the ransomware have already been cracked, and various tools have been made available to rescue affected users without having them pay anything at all. Anti-malware software has also been updated to better detect and disrupt this particular malware.

TeslaCrypt 3, however, fixes a critical flaw in its encryption process. Previous versions would hide an important key to decrypting the files somewhere on the local computer, making it possible to decrypt them eventually. In version 3, however, those keys, which are randomly generated, are all deleted from the local computer. Only the C&C server, in other words the ransomware distributor, has access to those.

This makes creating any tool to decrypt files virtually impossible. Until such a tool is developed, which is said to be highly unlikely, infected users are left with no other recourse than to pony up the cash to rescue their precious files.

SOURCE: Cisco Talos