One way to make a new ransomware strain stand out is by giving it a fancy name. TeslaWare seems to be checking the right boxes in this regard, and the developer is putting a lot of work into the design aspect of this malware. Luckily, it appears the ransomware itself is not that much of a threat, despite the fancy looks. That being said, one should still be very wary of TeslaWare.
TeslaWare Looks Great but Falls a Bit Flat
It is not entirely surprising to see ransomware developers use popular brand names in their creations these days. A lot of people are familiar with Tesla, a company revolutionizing the car industry as we know it today. TeslaWare has nothing to do with Elon Musk or his company though, despite bearing the logo and overall design of the popular corporation. In fact, a lot of work has been put into making TeslaWare look “appealing” to criminals.
One can easily obtain TeslaWare from most darknet marketplaces right now. Obtaining such a sample will cost between 35 and 70 euro, which is relatively cheap. The developers also put together quite a beautiful marketing package for this ransomware, in the hopes of persuading more criminals to buy this new toolkit. Just because something looks professional does not mean it will behave that way, however.
The price difference can be explained rather easily as well. Interested buyers can customize the ransomware strain to suit their individual needs. The basic features include AES-256 encryption, a way to decrypt files after a payment is received, and the guarantee it will not be decrypted with standard tools. Moreover, it appears TeslaWare is capable of changing victims’ wallpapers, which is a nice feature to the right kind of people.
Unfortunately for the developer, most of these features are a blatant lie. It is certainly possible to decrypt TeslaWare, and it can be done with incredible ease. In fact, there will soon be a free tool for doing exactly that. There are quite a few coding flaws in the ransomware, which make it rather trivial to decrypt files again. Anyone who gets infected with TeslaWare should not pay the Bitcoin ransom under any circumstance. Also, make sure to check out BleepingComputer’s TeslaWare forum topic.
One thing that is rather troubling about TeslaWare is how it treats infected files. Even though it is perhaps one of the most inefficient types of malware to date, it can delete files when the ransom payment is not made in time. This is a very problematic development, as decryption of TeslaWare files can take hours or even days. Not knowing which files might be deleted will make some victims feel quite uneasy, to say the least.
More specifically, victims have 60 minutes to make the ransom payment before 10 random files are deleted. A new timer will then begin, which ticks down from 72 hours. Should that timer reach zero as well, the entire hard drive will be wiped clean. It appears victims are asked to pay around $100 worth of Bitcoin to restore file access. For the time being, TeslaWare is more of a nuisance than a threat. However, it is possible the developers may improve this malware, as it shows signs that it could be used as a worm as well.