{"id":41958,"date":"2015-03-17T13:57:23","date_gmt":"2015-03-17T20:57:23","guid":{"rendered":"https:\/\/blogs.mcafee.com\/?p=41958"},"modified":"2025-06-06T01:29:43","modified_gmt":"2025-06-06T08:29:43","slug":"teslacrypt-joins-ransomware-field","status":"publish","type":"post","link":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/teslacrypt-joins-ransomware-field\/","title":{"rendered":"Teslacrypt Joins Ransomware Field"},"content":{"rendered":"<p>Teslacrypt, a newly crafted ransomware, has arrived on the malware scene. It encrypts user files using AES encryption and demands money to decrypt them. This ransomware infects systems through a compromised website that redirects victims to a site running the <a title=\"Angler Exploit Kit\" href=\"https:\/\/securingtomorrow.mcafee.com\/mcafee-labs\/new-exploit-kits-improve-evasion-techniques\">Angler exploit kit<\/a>. (For more on Angler, read the <em>McAfee Labs Threats Report,<\/em> February 2015.) This ransomware, like many others, encrypts document files including text, PDF, etc. 
to force victims to pay a ransom to have their files restored.<\/p>\n<p style=\"text-align: center;\"><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/17.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-41959\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/17.png\" alt=\"1\" width=\"958\" height=\"420\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/17.png 958w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/17-300x132.png 300w\" sizes=\"auto, (max-width: 958px) 100vw, 958px\" \/><\/a><\/p>\n<p>Upon execution, this malware copies itself to the AppData\\Roaming\\ folder<strong>.<\/strong><\/p>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li>C:\\Users\\Administrator\\AppData\\Roaming\\iylipul.exe<\/li>\n<li>C:\\Users\\Administrator\\AppData\\Roaming\\key.dat<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n<li>C:\\Users\\Administrator\\AppData\\Roaming\\log.html<\/li>\n<\/ul>\n<p>Teslacrypt is compiled with C++. 
After the malware executes, victims see the following window:<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/24.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-41963\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/24.png\" alt=\"2\" width=\"712\" height=\"643\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/24.png 712w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/24-300x271.png 300w\" sizes=\"auto, (max-width: 712px) 100vw, 712px\" \/><\/a><\/p>\n<p>The malware asks victims to follow certain steps to obtain the private key from the server to decrypt the encrypted files.<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/37.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-41965\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/37.png\" alt=\"\" width=\"964\" height=\"531\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/37.png 964w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/37-300x165.png 300w\" sizes=\"auto, (max-width: 964px) 100vw, 964px\" \/><\/a><\/p>\n<p>Teslacrypt uses the following icons to confuse users into thinking that this threat is the same as CryptoLocker. 
Earlier the malware&#8217;s icon was called Teslacrypt, but now it is called CryptoLocker.<\/p>\n<ul>\n<li>Windows XP<\/li>\n<\/ul>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/45.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-41983\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/45.png\" alt=\"4\" width=\"88\" height=\"74\" \/><\/a><\/p>\n<ul>\n<li>Windows 7<\/li>\n<\/ul>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/Capture.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-41984\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/Capture.png\" alt=\"Capture\" width=\"90\" height=\"93\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/Capture.png 90w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/Capture-32x32.png 32w\" sizes=\"auto, (max-width: 90px) 100vw, 90px\" \/><\/a><\/p>\n<p>The malware&#8217;s parent file creates another process and also starts a thread that, once resumed, performs other malicious activities on the system. The name of the thread is the same as that of the parent file. 
This variant also uses debugging functions to check the context of the thread.<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/55.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-41968\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/55.png\" alt=\"5\" width=\"723\" height=\"895\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/55.png 723w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/55-242x300.png 242w\" sizes=\"auto, (max-width: 723px) 100vw, 723px\" \/><\/a><\/p>\n<p>In the preceding screenshot \u201cGetThreadContext\u201d and \u201cSetThreadContext\u201d are the debugging functions that check the context of the thread.<\/p>\n<p>After creating the thread, the malware terminates the following running processes:<\/p>\n<ul>\n<li>ProcessExplorer<\/li>\n<li>Cmd.exe<\/li>\n<li>Regedit.exe<\/li>\n<li>taskmgr<\/li>\n<li>msconfig<\/li>\n<\/ul>\n<p>The malware then tries to delete shadow copies of the system through vssadmin.exe, so that the victim cannot return to previous system restore points. 
It also targets the Zone.Identifier NTFS stream to delete the downloaded-files history from the system.<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/vss_2.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-42038\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/vss_2.png\" alt=\"vss_2\" width=\"352\" height=\"126\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/vss_2.png 352w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/vss_2-300x107.png 300w\" sizes=\"auto, (max-width: 352px) 100vw, 352px\" \/><\/a><\/p>\n<p>We found the following strings in memory; these are the targeted file extensions that the malware will encrypt.<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/64.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-41970\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/64.png\" alt=\"6\" width=\"567\" height=\"776\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/64.png 567w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/64-219x300.png 219w\" sizes=\"auto, (max-width: 567px) 100vw, 567px\" \/><\/a><\/p>\n<h2>Some of the affected games and gaming software:<\/h2>\n<ul>\n<li>Bethesda Softworks settings file<\/li>\n<li>F.E.A.R. 2 game<\/li>\n<li>Steam NCF Valve Pak<\/li>\n<li>Call of Duty<\/li>\n<li>EA Sports<\/li>\n<li>Unreal 3<\/li>\n<li>Unity scene<\/li>\n<li>Assassin&#8217;s Creed game<\/li>\n<li>Skyrim animation<\/li>\n<li>Bioshock 2<\/li>\n<li>League of Legends<\/li>\n<li>DAYZ profile file<\/li>\n<li>RPG Maker VX RGSS<\/li>\n<li>World of Tanks battle<\/li>\n<li>Minecraft mod<\/li>\n<li>Unreal Engine 3 game file<\/li>\n<li>Starcraft saved game<\/li>\n<li>S.T.A.L.K.E.R. 
game file<\/li>\n<li>Dragon Age Origins game<\/li>\n<\/ul>\n<p>The malware sends the victims&#8217; information to its control server:<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/8_1.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-42032\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/8_1.png\" alt=\"8_\" width=\"426\" height=\"248\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/8_1.png 426w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/8_1-300x175.png 300w\" sizes=\"auto, (max-width: 426px) 100vw, 426px\" \/><\/a><\/p>\n<p>It also stores information about the encrypted files in HTML format for later use.<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/114.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-41974\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/114.png\" alt=\"11\" width=\"733\" height=\"309\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/114.png 733w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/114-300x126.png 300w\" sizes=\"auto, (max-width: 733px) 100vw, 733px\" \/><\/a><\/p>\n<p>We have seen the following network activity for this ransomware:<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/171.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-41988\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/171.png\" alt=\"17\" width=\"769\" height=\"553\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/171.png 769w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/171-300x216.png 300w\" sizes=\"auto, (max-width: 769px) 100vw, 769px\" \/><\/a><\/p>\n<p>The following table describes the commands sent to the control server:<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/122.png\"><img 
loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-41986\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/122.png\" alt=\"12\" width=\"689\" height=\"304\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/122.png 689w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/122-300x132.png 300w\" sizes=\"auto, (max-width: 689px) 100vw, 689px\" \/><\/a><\/p>\n<p>The encryption of this ransomware has not yet been cracked. The only apparent way to recover the files is to pay the ransom. (However, not all ransomware attackers decrypt files, even after receiving payment.) The attackers also offer &#8220;free&#8221; decryption, which is a fake offer.<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/131.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-41976\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/131.png\" alt=\"13\" width=\"1257\" height=\"286\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/131.png 1257w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/131-300x68.png 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/131-1024x233.png 1024w\" sizes=\"auto, (max-width: 1257px) 100vw, 1257px\" \/><\/a><\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/141.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-large wp-image-41978\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/141-1024x571.png\" alt=\"14\" width=\"1024\" height=\"571\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/141-1024x571.png 1024w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/141-300x167.png 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/141.png 1466w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/a><\/p>\n<p>The attacker demands a payment of either BTC1.5, or US$1,000 if victims use PayPal. 
The attacker prefers Bitcoins because they are harder to trace; thus payment by Bitcoin is cheaper than by PayPal.<\/p>\n<p>McAfee advises users to keep their antimalware signatures up to date at all times. McAfee products detect this threat as Ransom-Tescrypt! and Ransom-FXX!<\/p>\n<p>I would like to thank my colleague Lenart Brave, who helped research this malware.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A newly crafted ransomware, Teslacrypt, has arrived in the malware genre that encrypts user files using AES encryption and demands&#8230;<\/p>\n","protected":false},"author":674,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[442],"tags":[1814,76,142,3952,180,4140],"coauthors":[3973],"class_list":["post-41958","post","type-post","status-publish","format-standard","hentry","category-mcafee-labs","tag-computer-security","tag-cybercrime","tag-tag-identity-theft","tag-internet-security","tag-malware","tag-quarterly-threats-report"],"acf":[]}