Some effective strategies to mitigate impact of ransomware infection

POSTED JULY 11, 2016

A special to USLAW NETWORK and USLAW DigiKnow

By Karen Painter Randall, Connell Foley LLP, Roseland, New Jersey


Since May 2016, the operators of the TeslaCrypt ransomware have shut down their command-and-control servers and released a master decryption key that will decrypt files encrypted by TeslaCrypt versions 3.0 and 4.0. Although it is unknown why the operators released the master decryption key, the key can also be used with many existing open-source decryption tools to recover files affected by all versions of the TeslaCrypt ransomware.

Instead of being sent to a screen that demands payment in order to decrypt infected files, victims now are being directed to a splash screen containing the master decryption key, which will decrypt files for free. According to the FBI, the master decryption key for the TeslaCrypt ransomware can decrypt files with the extensions of .micro, .ttt, .xxx, and .mp3.

Before the release of the master decryption key, TeslaCrypt was a ransomware virus that was distributed primarily through malicious email attachments. Additionally, this virus was delivered via “drive-by” download attacks, that is, unintentional downloads through a computer’s browser, application or operating system that has been compromised.

The TeslaCrypt ransomware was powered by the Angler Exploit kit. The Angler Exploit kit is a hacking tool that searches for and exploits specific Adobe Flash and Microsoft Internet Explorer vulnerabilities in order to deliver a payload that infects a victim’s computer with the ransomware. Once a computer was infected, the ransomware would encrypt specific files such as corporate and/or personal data, emails, documents, videos and proprietary company information, and generate a file containing instructions for the victim to follow to restore access to their data or risk complete loss of the data. To decrypt the victim’s encrypted data, operators of the ransomware would demand one to three Bitcoins ($500-$1,800) from the victim.

Although the master decryption key has been released, the FBI is still encouraging victims of the TeslaCrypt ransomware to contact their local FBI field office and/or file a complaint with the Internet Crime Complaint Center (IC3), no matter the dollar amount lost or the timing of the incident.

Some effective strategies to mitigate impact of ransomware infection include:

  • Ensure anti-virus software is up-to-date.
  • Conduct regular training and awareness exercises with all employees to ensure a common understanding of safe-browsing techniques and of how to identify and avoid phishing attempts.
  • Implement a comprehensive data backup protocol and recovery plan to maintain copies of sensitive or proprietary data in a separate and secure location. Backup copies of sensitive data should not be readily accessible from local networks.
  • Scrutinize links contained in e-mails, and do not open attachments included in unsolicited e-mails.
  • Only download software—especially free software—from sites you know and trust.
  • Ensure application patches are up-to-date, to include Adobe Flash, Java, and Web browsers.
