Tedcrypt Ransomware
The Tedcrypt Ransomware is an encryption ransomware Trojan that belongs to the Jigsaw family of ransomware. The Tedcrypt Ransomware is primarily designed to target computer users located in Turkey. The Tedcrypt Ransomware can be installed on a computer in many ways, the preferred being spam email attachments and through compromised Remote Desktop Protocol connections (RDP). Some computer users have reported becoming infected with the Tedcrypt Ransomware after downloading a bogus memo for the non-existent video game Half Life 3.
How the Tedcrypt Ransomware Infects a Computer
The Tedcrypt Ransomware is designed to encrypt the victim's files using the AES encryption. The Tedcrypt Ransomware also will disable the Windows recovery mechanisms, such as the Shadow Volume Copies and the System Restore points. The Tedcrypt Ransomware will mark the files compromised by its attack with the file extension '.tedcrypt,' added to the file's name. The Tedcrypt Ransomware's attacks will target the user-generated files, which may include files with the following file extensions:
.ebd, .jbc, .pst, .ost, .tib, .tbk, .bak, .bac, .abk, .as4, .asd, .ashbak, .backup, .bck, .bdb, .bk1, .bkc, .bkf, .bkp, .boe, .bpa, .bpd, .bup, .cmb, .fbf, .fbw, .fh, .ful, .gho, .ipd, .nb7, .nba, .nbd, .nbf, .nbi, .nbu, .nco, .oeb, .old, .qic, .sn1, .sn2, .sna, .spi, .stg, .uci, .win, .xbk, .iso, .htm, .html, .mht, .p7, .p7c, .pem, .sgn, .sec, .cer, .csr, .djvu, .der, .stl, .crt, .p7b, .pfx, .fb, .fb2, .tif, .tiff, .pdf, .doc, .docx, .docm, .rtf, .xls, .xlsx, .xlsm, .ppt, .pptx, .ppsx, .txt, .cdr, .jpe, .jpg, .jpeg, .png, .bmp, .jiff, .jpf, .ply, .pov, .raw, .cf, .cfn, .tbn, .xcf, .xof, .key, .eml, .tbb, .dwf, .egg, .fc2, .fcz, .fg, .fp3, .pab, .oab, .psd, .psb, .pcx, .dwg, .dws, .dxe, .zip, .zipx, .7z, .rar, .rev, .afp, .bfa, .bpk, .bsk, .enc, .rzk, .rzx, .sef, .shy, .snk, .accdb, .ldf, .accdc, .adp, .dbc, .dbx, .dbf, .dbt, .dxl, .edb, .eql, .mdb, .mxl, .mdf, .sql, .sqlite, .sqlite3, .sqlitedb, .kdb, .kdbx, .1cd, .dt, .erf, .lgp, .md, .epf, .efb, .eis, .efn, .emd, .emr, .end, .eog, .erb, .ebn, .ebb, .prefab, .jif, .wor, .csv, .msg, .msf, .kwm, .pwm, .ai, .eps, .abd, .repx, .oxps, .dot.
The Tedcrypt Ransomware changes the infected computer's desktop image so that it can display a ransom note written in Turkish. The following is a translation of this ransom note:
'OOPS, ALL YOUR IMPORTANT FILES WERE ENCRYPTED WITH TEDCryptOr !!!
But do not worry, you still have the chance to retrieve your files
Please follow the steps below to retrieve the password
Do not forget that you will not be able to recover your files,
Every delay Means 1 Deletion of Your File
WARNING: Removing the Software will not take your files away from you
THe Computer is Blocked, Restart, Hard Disk Format, Transferring Files to Another Disk or Changing the Extension Will not Save Your Files
The only solution to save the files is to pay, and you can trust us in this situation
BUT THERE ARE NO MORE VACCINES IF YOU DONT FOLLOW THESE INSTRUCTIONS YOU WILL LOSE ALL YOUR FILES IN 24 HOURS'
Protecting Your Data from Threats Like the Tedcrypt Ransomware
The best protection against threats like the Tedcrypt Ransomware, as well as other members of the Jigsaw family is to have file backups. Having file backups allows computer users to restore their files without having to contact the criminals or risk paying a ransom. Apart from file backups, computer users should have an up-to-date security program to intercept threats like the Tedcrypt Ransomware and prevent these attacks. A combination of file backups and anti-malware software can help keep your data safe from the Tedcrypt Ransomware and the many other encryption ransomware Trojans being used to attack computer users currently. It also is crucial to be aware of common delivery methods associated with threats like the Tedcrypt Ransomware and take precautions against them when browsing the Web.
