AlphaCrypt Malware Looks Like TeslaCrypt and Uses Tor for Ransom Payments

The surprising thing about the AlphaCrypt crypto-malware is that it looks like TeslaCrypt and acts like CryptoWall.

Security researchers have discovered the latest piece of ransomware with new and improved file-encryption capabilities, and it turns out to share several traits with two other crypto-malware families, TeslaCrypt and the recently notorious CryptoWall.

Dubbed AlphaCrypt, the malware displays a ransom message that cons users into believing their files have been encrypted by TeslaCrypt, a family for which researchers at Cisco have already developed a decryption tool.

A variant of the AlphaCrypt malware is now being distributed through the Angler exploit kit, which was previously hosted at destinazione.grippertires.net.

Shadow copies are removed, and the decryption service is a no-show on Tor:

The security experts at Webroot noticed enough small variations that they decided to set the malware apart and brand it as a whole new family. Among these variations is AlphaCrypt's ability to delete the backup copies of files that Windows generates via the Volume Shadow Copy Service (VSS).

Image Source: Webroot.com

This routine ensures that the encrypted files cannot be recovered until the ransom is paid in full. Payment follows the pattern of recently discovered variants: bitcoin through layered Tor browsing. Not using a money mule such as Ukash or MoneyPak lets the malware authors maximize their earnings without giving up their anonymity.
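A defender-side check for the shadow copy deletion described above, added here as an example and not code from the article or from Webroot: it scans constructed process-creation records for the command lines commonly used to remove VSS shadow copies. The article does not say how AlphaCrypt deletes them, so those command-line patterns are an assumption.

```python
"""Flag shadow-copy deletion in process-creation logs.

Added example, not code from the article or from Webroot. The article only
says AlphaCrypt deletes Volume Shadow Copy Service (VSS) backups, not how;
the command-line patterns below are an assumption based on the common
administrative ways to remove shadow copies, applied to constructed logs.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Assumed indicators (not from the article), matched case-insensitively.
SHADOW_DELETE_PATTERNS = [
    re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I),
    re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    re.compile(r"Win32_ShadowCopy\b.*\bDelete\b", re.I),
]

@dataclass(frozen=True)
class Alert:
    timestamp: str
    parent: str        # image that spawned the process; useful for triage
    command_line: str

def parse_record(line: str) -> Optional[dict]:
    """Parse one constructed key="value" record; None if fields are missing."""
    fields = dict(re.findall(r'(\w+)="([^"]*)"', line))
    return fields if {"ts", "parent", "cmd"}.issubset(fields) else None

def detect_shadow_deletion(lines: List[str]) -> List[Alert]:
    """Return an Alert for every record whose command line deletes shadow copies."""
    alerts = []
    for line in lines:
        rec = parse_record(line)
        if rec and any(p.search(rec["cmd"]) for p in SHADOW_DELETE_PATTERNS):
            alerts.append(Alert(rec["ts"], rec["parent"], rec["cmd"]))
    return alerts

# Constructed sample records (not real telemetry). Listing shadows is benign;
# deleting them from a binary in a user profile directory is the ransomware pattern.
SAMPLE_LOG = [
    'ts="2015-04-28T10:01:02Z" parent="explorer.exe" cmd="notepad.exe readme.txt"',
    'ts="2015-04-28T10:01:09Z" parent="svchost.exe" cmd="vssadmin.exe list shadows"',
    'ts="2015-04-28T10:02:31Z" parent="C:\\Users\\u\\AppData\\Local\\xqwe.exe" cmd="vssadmin.exe delete shadows"',
    'ts="2015-04-28T10:03:00Z" parent="powershell.exe" cmd="wmic shadowcopy delete"',
]

if __name__ == "__main__":
    for a in detect_shadow_deletion(SAMPLE_LOG):
        print(f"[{a.timestamp}] {a.parent} -> {a.command_line}")
```

In a real deployment the parent image and its path are the fields worth alerting on, since listing shadows is routine administration while deletion launched from a user-profile binary is not.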

Image Source: Webroot.com

They can then take the full ransom amount and pass it through a bitcoin mixer, which uses sophisticated algorithms to scramble it through millions of addresses and completely 'clean' the money, as Webroot's Tyler Moffitt explains:

“Payment is similar to recent variants – bitcoin through layered tor browsing. Not using a money mule like ukash or moneypak allows the authors to maximize their earning power and anonymity. They can just take the full ransom amount and put through a bitcoin mixer that will use sophisticated algorithms to scramble it through millions of addresses and completely ‘clean’ the money.”

Proxies are provided, but the Tor browser may still be needed:

Victims are not required to install the Tor browser to reach the payment website hosted on the Tor anonymity network, because the cybercriminals use gateway services that relay traffic from the regular Internet to the hidden server.

However, the addresses listed in the ransom message do not always work as they should, in which case the victim is pushed to install the Tor browser to reach the decryption page.

Moffitt believes the connection with CryptoWall lies in the fact that AlphaCrypt spawns new instances of common Windows processes for its encryption routine (which it advertises as RSA with a 2048-bit key).

The differences detected by the Webroot researchers are consistent with the findings Brad Duncan published on his Malware-Traffic-Analysis blog; he also maintains that AlphaCrypt is a clone of TeslaCrypt, which is itself a clone of CryptoWall.

In the past, the TeslaCrypt ransomware was found targeting online gamers.

Protecting against this threat requires an up-to-date antivirus product, but that alone will not suffice when a new variant surfaces. To reduce the risk, users should back up their files (at least the most important ones) and keep the backups in a safe place that is either completely detached from the main computer or protected by strong access restrictions.
