TeslaCrypt ransomware was quietly approached by security researchers. The ESET researchers simply played the role of an infected consumer and asked for the universal master decryption key. They received the key along with a “Sorry” note. This enabled the researchers to build a free decryption tool able to unlock all known variants of the ransomware. Publishing the key effectively ended the TeslaCrypt business as we know it … After all, what use is ransomware if anyone can decrypt it for free?
A few days earlier, white hats from Kaspersky had released their new free decryption tool for all variants of the CryptXXX ransomware. It was the latest episode in a tit-for-tat battle with the cybercriminals. CryptXXX has primarily been distributed through malicious ads that deliver a varied mix of Trojans, exploit kits, and ransomware.
We understand the never-ending battle with CryptXXX. But the idea of the cybercriminals behind TeslaCrypt voluntarily posting their business keys on the door and shutting down still seems odd – although the same thing did happen last year with the Tox ransomware.
Here are three purely theoretical reasons why TeslaCrypt said sorry:
Currently, there is a lot of speculation in the security world about TeslaCrypt’s move. But since we have had no direct PR statement or feedback from the criminal group itself, all of these thoughts remain speculation.
The apparent demise of TeslaCrypt and CryptXXX changes the landscape on the security battlefield but does not end the war – or the risks. As we know, there are many other ransomware groups out there, such as Locky and Maktub. And the crime business is very tough for them: even among the bad guys, everybody wants to “eat the cake”, for example by contacting the victims directly or by operating ransomware as a service.
On the other hand, the security industry has more or less learned how to handle the problems caused by the Angler exploit kit, which was definitely one of the popular methods for spreading ransomware.
So this is no time to relax, to let down one’s guard, or to mindlessly open everything in your inbox. Something new and something bad is going to come. I am quite sure we haven’t heard the last from the criminal group behind TeslaCrypt.