Don’t pay the criminals for decrypting .mp3 files locked by Teslacrypt 3.0

Teslacrypt 3.0 has provided another release. The introduction features no significant differences from the point of view of a security researcher. However, the users who have been unfortunate to become victims of the scam report quite obvious novelties. The issue is the virus is now adding new appendixes to affected files.

The affected files have their native extension removed. Instead, the mp3 extension appears. For instance, any ‘.doc’ file acquires ‘.mp3’ extension, its native appendix discarded.

Another change is the new name of the ransom note:

_H_e_l_p_RECOVER_INSTRUCTIONS+[3-characters].png

_H_e_l_p_RECOVER_INSTRUCTIONS+[3-characters].txt

_H_e_l_p_RECOVER_INSTRUCTIONS+[3-characters].HTML

There are no other distinct traits. The ransom note sticks to the same language. It demands from a victim a payment to be made in Bitcoins. Unless the payment is made, the files encrypted cannot be decrypted. Unfortunately, the ransomware fulfills its threat.

That shall not whatsoever encourage the victims to pay any money to the crooks. Instead, they are advised to resort to the recovery options and get rid of .mp3 file extension virus aka Teslacrypt 3.0.

Sadly enough, every now and then the victims of the ransomware opt for paying the ransom demanded. That does not guarantee the data recovery.

The makers of the ransomware do not propagate their virus themselves. They share the virus among affiliates. The affiliates are only to pay the commission. Rumors have it that the amount to be paid to. mp3 file extension Teslacrypt 3.0 developers by the ultimate droppers does not exceed 20% of the total ransom claimed.

The distributors handle the malware propagation. They are often far from being high skill hackers. However, the ransomware developers provide those so called ‘script kiddies’ with the ransomware available for advanced customization. The modifications made by a particular distributor often disable the application of the decryption key to be purchased.

That further suggests the prevalence of ransom-free recovery over transferring the ransom amount to the crooks.

For the cyber police, the distribution network considerably complicates the detention of the ransomware developers. That is, as the developers of .mp3 file extension virus aka Teslacrypt 3.0 distribute the virus through unrelated affiliates, even if one of the infection vector gets detected and processed and points to the malware dropper, the developers remain far away from the reach of the cyber police.

Sticking to regular backups is good. That would keep the recent copies of data intact. As spam dominates the ransomware propagation, please do not open unverified attachments.

If you have been unfortunate to get the virus onboard, do not abandon the removal of .mp3 file extension virus aka Teslacrypt 3.0. Failure to get rid of .mp3 file extension Teslacrypt 3.0 ransomware may be followed by further attempts of the virus to harm your computer system.