New Ransomware, Telecrypt, Released Into the Wild
A new ransomware variant was recently found. BleepingComputer reported the variant, named Telecrypt, requires an internet connection to infect computers. Telecrypt uses Telegram and command and control servers to execute its infection. To infect PCs the ransomware requires a binary to launch. Upon launch, and there is a confirmation process of the Telegram to ensure its availability. Then, the infected computers are assigned an ID. Encryption occurs, and the PC files are then locked. The ransom demand for this particular variant is 5,000 rubles, or $80 USD. Since the ransom note is written in Russian, it is believed the variant originated in Russia.
The good news is, PC Matic subscribers are protected from Telecrypt. As stated above, in order to infect the PC, a binary must launch. Since the binary is not a trusted program, PC Matic’s SuperShield would not allow it to execute.