TESLACRYPT

-

TeslaCrypt also know as EccKrypt is one of the ransomwares that is widely seen . It encrypts certain files and demands ransom to decrypt the files. TeslaCrypt uses AES symmetric algorithm to encrypt files. Teslacrypt 4 features RSA algorithm for encrypting data.
TeslaCrypt evolved from a ransomware targeting gamers, but this is not only a  severe threat, but also one that is capable of far wider data leakage.
The first version of TeslaCrypt emerged in March 2015, then TeslaCrypt2.0 was launched in November 2015.They launched TeslaCrypt 3.0 in January 2016, and now the fourth version is out.
TeslaCrypt is spread using exploit kits such as Angler exploit kit, Neutrino exploit kit.
Using Angler, Adobe flash is exploited then it downloads TeslaCrypt as a payload.
Using Neutrino, it redirects users to malicious pages that hosts exploit files targeting various vulnerabilities. Once exploited, it delivers a Trojan downloader and executes it on the victim’s machine. Then the payload starts generating random domain names and connects to a remote server. The target machine then receives 404 error page along with a download link that delivers TeslaCrypt variant from the remote server. After execution, TeslaCrypt encrypt the files.
After encrypting the files, it renames them. Below are some of the extensions we have seen so far:
•        .encrypted
•        .ecc
•        .ezz
•        .exx
•        .ccc
•        .ttt
•        .micro

Apart from having your antivirus, following things help prevent ransomware infections.
1.       Back up your files.
2.       Apply windows and other software updates regularly.
3.       Avoid clicking untrusted email links or opening unsolicited email attachments.
4.       Disable ActiveX content in Microsoft Office applications such as Word, Excel, etc.
5.       Install a firewall, block Tor and I2P, and restrict to specific ports.
6.       Disable remote desktop connections
7.       Block binaries running from %APPDATA% and %TEMP% paths.

Comments

Post a Comment

Popular posts from this blog

INSTALL TIGHTVNC ON KALI LINUX RASPBERRY PI

-
Image
Install TightVNC server using the following command apt-get install tightvncserver Run VNCserver to generate the configuration files. vncserver :1 VNC sessions are not linked to Linux user authentication.It is just protected by a password.So, it is better to change your password. Change your password using vncpasswd Run the command to check the VNC connection netstat -tupln Use a VNC application such as VNC CONNECT and login using the PI's IP Address. Download the  VNC CONNECT   To run VNC over SSH, we can create a SSH tunnel. Start your VNC server vncserver :1 -geometry 1280x800 -depth 16 -localhost -nolisten tcp -locahost option will ensure VNC port is listening only on local interface. -nolisten tcp - X Server will not listen on the network. Now, create a SSH tunnel  ssh -L 5901:localhost:5901 -N -f <user>@<ip> Any connection to this port will be tunneled by SSH. ENABLE AT STARTUP To enable VN
Read more

ENABLE AUTOSTART FOR X11VNC

-
Image
ENABLING AUTOSTART FOR X11VNC ON KALI LINUX RASPBERRY PI TO INSTALL VNC check my last post INSTALL X11VNC ON KALI LINUX RASPBERRY PI   O nce you've started the service, it'll run until you stop it or reboot. To Autostart it during BOOT , follow these steps. Create a file "sharex11vnc" in the directory /usr/local/bin Open a terminal, type cd /usr/local/bin this will take you to that directory. To create a file, type nano sharex11vnc Enter the following,   #!/bin/sh x11vnc -ncache 10 -auth guess -repeat -nap -loop -forever -rfbauth ~/.vnc/passwd -desktop "VNC ${USER}@${HOSTNAME}"|grep -Eo "[0-9]{4}">~/.vnc/port.txt # comment this out if you dont want a pop up telling you which port you're using zenity --info --text="Your VNC port is 'cat~/.vnc/port.txt'" press Ctrl+x then press "y" then hit Enter . This will save the file. This script will run the x11vnc during boot. Once t
Read more

INSTALL X11VNC ON KALI LINUX RASPBERRY PI

-
Image
Once your PI is  configured, update it.  apt-get update  apt-get upgrade After everything is updated, install x11vnc by typing apt-get install x11vnc  After it is installed, set up a password to connect to your PI. Type, x11vnc -storepasswd Enter your password and press enter and you're done. To connect through vnc, first you need to start the service.Type the following command to start it. x11vnc -ncache 10 -auth guess -nap -forever -loop -repeat -rfbauth /root/.vnc/passwd -rfbport 5900 -noncache Use a VNC application such as VNC CONNECT and login using the PI's IP Address. Download the VNC CONNECT   https://www.realvnc.com/download/vnc/ CHECK MY   ENABLE AUTOSTART FOR X11VNC    TO AUTOSTART IT DURING BOOT
Read more