
Flash exploit used to spread ransomware

A new version of the TeslaCrypt ransomware is being distributed, security researchers warned last Friday.

According to a report by security firm Malwarebytes, the Angler exploit kit was pushing a new variant of TeslaCrypt, a ransomware Trojan.

Files are encrypted and appended with a .vvv extension, the researchers said, adding that to recover those files, victims must pay $500 USD or risk seeing this amount double in less than a week.

"Your files are encrypted. To get the key to decrypt files you have to pay 500 USD. If payment is not made before 25/12/15 the cost of decrypting files will increase 2 times and will be 1000 USD", the warning says.

The Angler EK uses a very recently patched flaw in Adobe Flash Player up to version (CVE-2015-8446), making it the most lethal exploit kit at the moment.

The same ransomware was recently seen on the blog of The Independent. Two weeks ago, security researchers at Trend Micro warned that The Independent’s blog site was serving TeslaCrypt.

“If a user does not have an updated Adobe Flash Player, the vulnerable system will download the Cryptesla 2.2.0 ransomware (detected by Trend Micro as RANSOM_CRYPTESLA.YYSIX).”

The malware then changes the extension of encrypted files to “.vvv”.

TeslaCrypt is a ransomware Trojan known for targeting computer games, most notably Call of Duty, World of Warcraft, Minecraft and World of Tanks, and encrypting their game files. The victim is then prompted to pay a ransom of $500 worth of bitcoins to obtain the key to decrypt the files.