New TeslaCrypt Ransomware is Extremely Dangerous – Unless You’re Protected by Comodo

March 23, 2016 | By Comodo

The model is familiar:

Software developers work tirelessly to improve their product, releasing new versions to add new features or fix existing bugs, making their software as good as it can be.

Well, it turns out, malware creators have been taking notes.

When the notorious and prolific TeslaCrypt ransomware was released last year, it did a lot of damage, spreading across the Internet, infecting computers, encrypting their files and holding them hostage for ransom. Eventually the industry fought back: reverse-engineering work produced decryption tools that let infected users recover their locked files without paying. Whew. End of story, right?

Wrong.

TeslaCrypt is back in the news: its creators have read the product development handbook, fixed their own bugs and shored up their weaknesses just like the good guys do. The cybercriminals have now released a new iteration (3.01) of TeslaCrypt that is even more dangerous, exfiltrating more information from each victim than previous versions did and turning each infected computer into a node of a TeslaCrypt botnet.

Even more troubling is that, thanks to 4096-bit RSA encryption and the fact that the new version no longer leaves the private key (needed to unlock your files) on the infected machine but sends it back to an attacker-controlled server, the encryption is effectively impossible to crack without paying.
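To make the point concrete, here is an added example of the hybrid scheme that paragraph describes. It is not Comodo's code and not the malware's; it is a simplified model written for this article. The choice of AES-256-GCM as the per-file cipher and RSA-OAEP as the key wrap is an assumption (the post only mentions RSA 4096), and the key is 2048 bits to keep the example fast. What it shows: the victim's machine needs only the public key to lock a file, the only key material left on disk is the wrapped per-file key, and unlocking with any key other than the attacker's private one fails.

```go
package main

// Added example (not Comodo's or TeslaCrypt's code): a simplified model of
// hybrid file encryption where the RSA private key never touches the victim.
// Cipher choices (AES-256-GCM, RSA-OAEP) are assumptions for illustration.

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// LockedFile is everything that remains on the victim's disk after encryption.
type LockedFile struct {
	Ciphertext []byte // AES-256-GCM output, authentication tag included
	Nonce      []byte // GCM nonce; safe to store in the clear
	WrappedKey []byte // per-file AES key, RSA-OAEP encrypted to the attacker
}

// attackerKeyPair is generated on the attacker's server. The malware carries
// only the public half. 2048 bits keeps the example fast; the post cites 4096.
func attackerKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// lockFile runs on the victim and needs nothing but the public key.
func lockFile(pub *rsa.PublicKey, plaintext []byte) (*LockedFile, error) {
	fileKey := make([]byte, 32) // fresh AES-256 key per file
	if _, err := rand.Read(fileKey); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(fileKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, plaintext, nil)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, fileKey, nil)
	if err != nil {
		return nil, err
	}
	// Wipe the plaintext key: from here on the disk holds only the wrapped copy.
	for i := range fileKey {
		fileKey[i] = 0
	}
	return &LockedFile{Ciphertext: ct, Nonce: nonce, WrappedKey: wrapped}, nil
}

// unlockFile is what the attacker's decryptor does: unwrap the per-file key
// with the RSA private key, then decrypt. With any other private key, OAEP
// unwrapping fails and no plaintext is produced.
func unlockFile(priv *rsa.PrivateKey, lf *LockedFile) ([]byte, error) {
	fileKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, lf.WrappedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("cannot unwrap file key: %w", err)
	}
	block, err := aes.NewCipher(fileKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, lf.Nonce, lf.Ciphertext, nil)
}

func main() {
	attacker, err := attackerKeyPair()
	if err != nil {
		panic(err)
	}
	// Constructed sample file content.
	locked, err := lockFile(&attacker.PublicKey, []byte("quarterly report: confidential"))
	if err != nil {
		panic(err)
	}
	// A defender who has only what is on the victim's disk holds no private
	// key; model that with an unrelated key pair.
	stranger, _ := attackerKeyPair()
	if _, err := unlockFile(stranger, locked); err != nil {
		fmt.Println("without the attacker's private key:", err)
	}
	pt, err := unlockFile(attacker, locked)
	fmt.Printf("with the attacker's private key: %q (err=%v)\n", pt, err)
}
```

The design point is the asymmetry: everything the victim's host does (generate a file key, encrypt, wrap) uses public material, so a forensic image of the disk yields ciphertext, a nonce and a wrapped key, none of which can be turned back into the file key without the attacker's private key.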

And that, interestingly, is where Comodo wins.

Comodo’s Default Deny Platform defeats ransomware like TeslaCrypt and CryptoLocker by blocking all known malware variants and automatically containing every unknown file (which may or may not turn out to be malware).

So even if the malware is extremely dangerous, with Comodo protection it really doesn’t matter. The remarkable thing about Comodo’s containment system is that it lets every unknown file (good or bad) run inside containment while Valkyrie, our cloud-based verdict service, delivers the quickest judgment in the industry. If the file is deemed good, it is released from containment. If it is deemed bad, your system remains uninfected because the malware is blocked from accessing the resources and infrastructure it needs to do its nasty business.

“Traditional attempts to isolate malware at the endpoint use default-allow thinking and sandboxing technologies, leaving the window open for patient zero to become infected,” said John Peterson, Vice President of Enterprise Products at Comodo. “Comodo’s approach is completely different – applying its patent-pending containment technology to the malware problem, which blocks all known bad files and allows all other executables – known good or unknown – to operate in a safe container. Comodo can then instantly analyze each executable and either allow it to pass (good file) or kill it (bad file), so performance is never impacted and most importantly, the endpoint and network always remain protected and secure.”

At the RSA Conference, Comodo demonstrated its containment and advanced endpoint protection by running the ransomware inside our green containment box until the dreaded ransom note appeared, making all sorts of threats and demands. Rather than pay the ransom, and since our files weren’t actually locked, we simply deleted the nasty but entirely ineffective contained file. Something all of those folks out there without Comodo protection sincerely wish they could do.

Malware problem solved. Just a click or a call away.

For more information on the different types of malware, visit Comodo’s malware search engine at https://file-intelligence.comodo.com/

Be sure to watch the new malware movie trailer “In a World Where…. “ https://www.youtube.com/watch?v=AtjLTwDR8W0

If you want to protect your company’s IT environment from phishing, malware, spyware or cyberattacks, contact the Comodo security experts at https://enterprise.comodo.com/contact-us/?af=7566
