New TeslaCrypt Ransomware sets its scope on video gamers

Teslacrypt virus attacks the computers which has specific games installed. the virus attacks the private data of the user and then ask for ransom in return.
Here in this link you can find the process of removal of Teslacrypt virus.<removed>

Mod Edit by quietman7: link to non-Bleeping Computer malware removal guide removed or disabled per this policy.

We got hit 4/7 by what appears to be a variant of TeslaCrypt.  It completely encrypted the offending workstation, went after a large mapped share on a Windows server and found a insecure Samba share that was not mapped or used at all by that workstation so I assume it scanned the subnet for insecure shares and found a weakness.  In any case, The damage was caught fairly quickly and we DO have current backups so the damaged files were quickly restored and the offending workstation has nothing of value on it so I'll just wipe it and reinstall.

No real harm done because of the backups but it sure woke me up and is causing some sleepless nights worrying have I REALLY eradicated it from my network.  Amusing the offending workstation is completely wiped, is there anything else I should be watching out for, looking for worn like or other behavior that would have attempted to actually compromise or run on a server or other workstation rather than just encrypting a share over the network.

I've secured the insecure Samba share and set the Group Software Restriction Policies recommended in the Information Guide and FAQ here, as well as making sure everything that should be updated is updated.

FWIW I uploaded the exe file here.

https://virustotal.com/en/file/3570a4ca9a3ebd1b45df61a0ef5b476e26f35ba03dbd114e8192fa6b81b0cd71/analysis/1460209365/

The encrypted files had no change in file names or added extension
Each folder had three files with the ransom demand.
-!RecOveR!-wqxwn++.Png
-!RecOveR!-wqxwn++.Txt
-!RecOveR!-wqxwn++.Htm

Backups work!!!    My main concern is being sure I am REALLY rid of it on the network.

TeslaCrypt 4.0 will leave files (ransom notes) with names like RECOVER+[random].TXT, RECOVER[5-random].TXT, recover_file.txt, _rEcOvEr_[5-random].txt, +-HELP-RECOVER-+[5-random]-+.txt, +REcovER+[5-random].txt, -!RecOveR!-[5-random]++.txt, {RecOveR}-[5-random]__.txt.

Crypto malware ransomware is typically programmed to automatically remove itself...the malicious files responsible for the infection...after the encrypting is done since they are no longer needed. Unfortunately, most victims do not realize they have been infected until the ransomware displays the ransom note and the files have already been encrypted. As such, they don't know how long the malware was on the system before being alerted or if other malware was installed along with the ransomware. If other malware was involved it could still be present so be sure to perform full scans with your anti-virus.

If your antivirus did not detect and remove anything, additional scans should be performed with other security programs like Malwarebytes Anti-Malware and Emsisoft Anti-Malware. You can also supplement your anti-virus or get a second opinion by performing an Online Virus Scan...ESET is one of the more effective online scanners.

Support for TeslaCrypt 3.0/4.0 is provided in this topic where you can ask questions and seek further assistance.

• TeslaCrypt 3.0/4.0 .XXX, .TTT, .MICRO, .MP3 Support Topic

TeslaCrypt has closed its doors and released the master decrypt key. BloodDolly has already updated his tool so it can now decrypt all files encrypted by TeslaCrypt 3.0 and 4.x. More info here:

http://www.bleepingcomputer.com/news/security/teslacrypt-shuts-down-and-releases-master-decryption-key/

TeslaCrypt has closed its doors and released the master decrypt key. BloodDolly has already updated his tool so it can now decrypt all files encrypted by TeslaCrypt 3.0 and 4.x. More info here:

http://www.bleepingcomputer.com/news/security/teslacrypt-shuts-down-and-releases-master-decryption-key/

Thank you very much for this update!

Please also update the first post of this topic.

Un grand merci à toute l'équipe!!!

Je vais essayer de récuperer mes fichiers avec TeslaDecoder   

...Please also update the first post of this topic.

A note has been added.

TeslaCrypt has closed its doors and released the master decrypt key. BloodDolly has already updated his tool so it can now decrypt all files encrypted by TeslaCrypt 3.0 and 4.x. More info here:

http://www.bleepingcomputer.com/news/security/teslacrypt-shuts-down-and-releases-master-decryption-key/

 

I have tired the tesladecoder but it was reported that the encrypt key is a different one...seems something wrong happens with my case?

Decryption instructions for all victims of TeslaCrypt 3.0/4.x are provided by BloodDolly here.

If you still need assistance, support for TeslaCrypt 3.0/4.0 is provided in this topic.

• TeslaCrypt 3.0/4.0 .XXX, .TTT, .MICRO, .MP3 Support Topic