Skip to main content

Flash exploit used to spread ransomware

There's a new version of the ransomware TeslaCrypt being distributed around, security researchers have warned last Friday.

According to a report by security firm Malwarebytes (opens in new tab), the Angler exploit kit was pushing through a new variant of TeslaCrypt, a ransomware Trojan.

Files are encrypted and appended with a .vvv extension, the researchers have said, adding that in order to recover those files, victims must pay $500USD or face the risk of seeing this amount double within less than a week.

"Your files are encrypted. To get the key to decrypt files you have to pay 500 USD. If payment is not made before 25/12/15 the cost of decrypting files will increase 2 times and will be 1000 USD”, the warning says.

The Angler EK uses a very recently patched flaw in Adobe Flash Player up to version (CVE-2015-8446), making it the most lethal exploit kit at the moment.

The same ransomware was recently seen on the blog of The Independent. Two weeks ago, security researchers Trend Micro warned that The Independent’s blog site was serving the TeslaCrypt.

If a user does not have an updated Adobe Flash Player, the vulnerable system will download the Cryptesla 2.2.0 ransomware (detected by Trend Micro as RANSOM_CRYPTESLA.YYSIX).”

The malware then changes the extension of encrypted files to “.vvv”.

TeslaCrypt is a ransomware Trojan known for targeting computer games, most notably Call of Duty, World of Warcraft, Minecraft and World of Tanks, and encrypting its game files. The victim is then prompted with a ransom of $500 worth of bitcoins in order to obtain the key to decrypt the files.

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.