Hackers and criminals are devious and clever. Just when you think a ransomware strain has faded away, it comes back to life in a new, scarier version.
It turns out that a dangerous ransomware that encrypts your files, targets your backed-up files, and shuts down Windows functions like Task Manager is mutating and spreading fast. To help you avoid it, let's talk about how the newest version of TeslaCrypt, Version 4.1A, is spreading.
It starts with a phishing scam. You might get an email from an online retailer that's supposedly a shipping confirmation notice. There's a .zip file attached.
Note: Don't open any attachment, no matter what the extension, if you're not 100% sure who it's coming from. If Walmart, for example, supposedly sends you a delivery confirmation with an attachment, then call Walmart to confirm it's from them (hint: it isn't).
This TeslaCrypt attack differs from previous versions of TeslaCrypt in the way it spreads. Notably, as we told you, a previous version spread through content management systems like WordPress and Joomla that people use to update website content.
The problem is that this malware looks like a legitimate Windows operation, so it initially fooled some anti-virus programs.
TeslaCrypt shuts down some Windows tools, including Task Manager, Registry Editor, SysInternals Process Explorer, System Configuration, and Command Shell. It encrypts your files using AES-256 and attempts to delete your backed-up files in Windows' Volume Shadow Copy.
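Both behaviors described above leave traces in process logs, and the following added example (not code from the original article) flags hosts where the listed tools exit seconds after starting or where a shadow-copy deletion command runs. Assumptions: the pipe-delimited log format and sample lines are constructed, the executable names are the usual ones for the tools named above, and the `vssadmin`/`wmic` command lines are common built-in ways to delete shadow copies; the article does not say which method TeslaCrypt uses or how it shuts the tools down.

```python
import re
from collections import defaultdict
from datetime import datetime

# Usual executable names of the tools the article lists (assumption).
WATCHED = {"taskmgr.exe", "regedit.exe", "procexp.exe", "msconfig.exe", "cmd.exe"}
# Built-in Windows commands that delete Volume Shadow Copies.
VSS_DELETE = re.compile(
    r"\bvssadmin(\.exe)?\s+delete\s+shadows|\bwmic(\.exe)?\s+shadowcopy\s+delete", re.I)

# Constructed sample: time|host|start or exit|pid|image|command line
SAMPLE_LOG = """\
2024-01-01T10:00:00|PC1|start|4100|taskmgr.exe|taskmgr.exe
2024-01-01T10:00:01|PC1|exit|4100|taskmgr.exe|
2024-01-01T10:00:05|PC1|start|4104|regedit.exe|regedit.exe
2024-01-01T10:00:06|PC1|exit|4104|regedit.exe|
2024-01-01T10:00:09|PC1|start|4110|vssadmin.exe|vssadmin.exe Delete Shadows /All /Quiet
2024-01-01T10:02:00|PC2|start|900|cmd.exe|cmd.exe /c dir
2024-01-01T10:09:30|PC2|exit|900|cmd.exe|
2024-01-01T10:03:00|PC2|start|910|vssadmin.exe|vssadmin.exe list shadows
"""

def parse(text):
    """Turn log text into time-ordered event tuples, skipping malformed lines."""
    events = []
    for line in text.splitlines():
        parts = line.split("|", 5)
        if len(parts) != 6:
            continue
        ts, host, kind, pid, image, cmd = parts
        events.append((datetime.fromisoformat(ts), host, kind, pid, image.lower(), cmd))
    return sorted(events, key=lambda e: e[0])

def analyze(events, max_life_s=3, min_tools=2):
    """Return hosts with a shadow-copy deletion or several short-lived admin tools."""
    started = {}
    findings = defaultdict(lambda: {"short_lived": set(), "vss_delete": []})
    for ts, host, kind, pid, image, cmd in events:
        if kind == "start":
            started[(host, pid)] = ts
            if VSS_DELETE.search(cmd):
                findings[host]["vss_delete"].append(cmd)
        elif kind == "exit" and image in WATCHED and (host, pid) in started:
            life = (ts - started.pop((host, pid))).total_seconds()
            if life <= max_life_s:  # tool closed almost immediately after launch
                findings[host]["short_lived"].add(image)
    return {h: f for h, f in findings.items()
            if f["vss_delete"] or len(f["short_lived"]) >= min_tools}

if __name__ == "__main__":
    print(analyze(parse(SAMPLE_LOG)))
```

Real deployments would feed this from process-creation and process-exit telemetry and tune `max_life_s` and `min_tools` to local usage.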
Note: There's good news to report. Cybersecurity experts say the files that TeslaCrypt encrypts can be decrypted. If you've downloaded a TeslaCrypt decryptor, update it.