March 18, 2016 By Larry Loeb 2 min read

The Cisco Talos Blog is caught in the middle of an ongoing cyber arms race. This time, it’s the bad guys who are upgrading the TeslaCrypt ransomware software that have the security experts concerned. Those malicious actors have gotten better at coming up with variations in the ransomware, which enable the malware to continue running as a functional criminal effort.

TeslaCrypt Ransomware Gets More Sophisticated

In the new TeslaCrypt 3.0.1, the bad guys don’t transmit certain key numbers in the same manner as previous versions. These values used to be sent in a way that allowed interception — if you were really clever about it. But now, the actors have smartened up. They can keep those prime numbers secured by using elliptic curve encryption known as ECDH.

According to the Talos blog, they are using a kind of cascaded version of the ECDH algorithm and AES encryption for coding the secret keys. The actors also apply a SHA-256 hash of the shared secret key as the symmetric encryption key.

In fact, this version of the ransomware resists decryption of these ECDH-based keys rather well. The crypto software has been hardened, and it has multiple infection vectors — so professionals should take this potential threat seriously.

From Bad to Worse

The way version 3.0.1 functions makes it much harder for a solution to show up and save your data, like what happened before with earlier TeslaCrypt infections. While it may take time for cybercriminals to fully adapt the most recent version of the ransomware, it’s poised to become a force to be reckoned with.

“It is in the top five of ransomware we see most often in our analysis systems,” Talos explained in its blog. “The core functionality of TeslaCrypt 3.0.1 remains the same as it continues to encrypt users’ files and then presents a message demanding the user to pay a ransom.” Unlike those former versions, however, security researchers have yet to discover a weakness in 3.0.1.

Until they do, the blog recommended users update their antivirus software regularly to stay ahead of threats. Instead of solely relying on decryption tools, organizations should focus on creating backups of important files and regularly updating those emergency records. While you’re at it, make sure they are not logically connected to the main systems in a way that would allow TeslaCrypt ransomware to infect the backup, as well.

More from

Airplane cybersecurity: Past, present, future

4 min read - With most aviation processes now digitized, airlines and the aviation industry as a whole must prioritize cybersecurity. If a cyber criminal launches an attack that affects a system involved in aviation — either an airline’s system or a third-party vendor — the entire process, from safety to passenger comfort, may be impacted.To improve security in the aviation industry, the FAA recently proposed new rules to tighten cybersecurity on airplanes. These rules would “protect the equipment, systems and networks of transport…

Protecting your digital assets from non-human identity attacks

4 min read - Untethered data accessibility and workflow automation are now foundational elements of most digital infrastructures. With the right applications and protocols in place, businesses no longer need to feel restricted by their lack of manpower or technical capabilities — machines are now filling those gaps.The use of non-human identities (NHIs) to power business-critical applications — especially those used in cloud computing environments or when facilitating service-to-service connections — has opened the doors for seamless operational efficiency. Unfortunately, these doors aren’t the…

Communication platforms play a major role in data breach risks

4 min read - Every online activity or task brings at least some level of cybersecurity risk, but some have more risk than others. Kiteworks Sensitive Content Communications Report found that this is especially true when it comes to using communication tools.When it comes to cybersecurity, communicating means more than just talking to another person; it includes any activity where you are transferring data from one point online to another. Companies use a wide range of different types of tools to communicate, including email,…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today