
Tedcrypt Ransomware

Posted: August 7, 2018

The Tedcrypt Ransomware is part of the Jigsaw Ransomware family of file-locking Trojans. Besides encrypting and blocking files automatically, it may also delete files under multiple conditions and display pop-up ransom demands. Users should take precautions to keep this threat from launching any new attacks against their data, remove the Tedcrypt Ransomware with an anti-malware program of their preference, and restore any encrypted data through free solutions.

Getting Your Files into Trouble with Gaming

A threat actor is taking the code of the notorious Jigsaw Ransomware program and converting it into a Turkish-specific threat with a new theme for circulating. The distribution stage of this variant, the Tedcrypt Ransomware, exploits the video gaming industry's publicity to gain access to its victims' files by pretending to be a demonstration of the third release in Valve's Half-Life franchise. Any gamers who assume that the executable's name is accurate and run it will have most of their media files locked and put at risk of permanent deletion.

The Tedcrypt Ransomware isn't the only Turkey-targeting variant of the Jigsaw Ransomware; malware analysts can also point to past threats from the same family, such as the Ramsey Ransomware and the '.justice File Extension' Ransomware, that also attack this region of the world. As usual, most of the Tedcrypt Ransomware's changes revolve around updating the text of its ransom note and some other cosmetic features. The rest of its content, such as its HTA pop-up and its file-deleting attack, appears functional.

The Tedcrypt Ransomware uses a non-consensual and concealed encryption routine for blocking files on the user's PC, including documents, pictures, and other prominent media formats. With the attack complete, it displays a slightly different version of the pop-up ransoming message which, instead of the Saw movie's mascot puppet, shows a teddy bear. Other than the ransoming instructions being in the Turkish language, malware experts identify few other alterations to the pop-up, which still uses a countdown and a built-in payment UI, and asks for payment in the Bitcoin cryptocurrency.

Giving a 'Game Over' Screen to Turkey's New Trojan

Based on its disguise, the Tedcrypt Ransomware is more likely than not using file-sharing networks or fake software-hosting websites for circulating. Always scan your new downloads from all non-secure sources for any potential threats, and avoid illicit content, such as 'free' versions of premium games, cracks, or cheat-related tools, that often help distribute file-locker Trojans. Most of the symptoms of Tedcrypt Ransomware infections are minimal until after your media is encrypted and locked successfully.

Because of the particular, deletion-related features of the Tedcrypt Ransomware's family, malware experts also advise against restarting your computer without any extra precautions. All PCs with potential Jigsaw Ransomware infections should reboot in ways that don't use the compromised system Registry, such as booting through a DVD or USB. Most anti-malware programs should delete the Tedcrypt Ransomware during its attempted installation, but can't recover any encrypted or deleted files.

There is a decryption service available for most versions of the Jigsaw Ransomware, but the application requires an additional update for the Tedcrypt Ransomware variant. However, any users following malware experts' recommendation of having a durable backup strategy in place shouldn't need to search for a third party's help in any case.
