.tedcrypt files virus is a new iteration of Jigsaw ransomware.
Jigsaw, originally titled “BitcoinBlackmailer”, is a form of encryption ransomware created in 2016. It was named Jigsaw because its ransom note featured an image of Billy the Puppet from the Saw film franchise. The malware encrypts important user files and deletes them if the user fails to pay the ransom demanded for decryption.
Unlike other Jigsaw variants, .tedcrypt files virus displays the image of a teddy bear on the victim's screen instead of the killer from the movie “Saw”, and shows a ransom note written in Turkish.
The ransom note declares that victims still have the chance to retrieve their files and threatens to delete them permanently if the ransom is not paid within 24 hours. The amount demanded by the cyber miscreants in exchange for the decryption key is not known yet.
The ransom note also states that alternative methods of retrieving the files, such as deleting the software, shutting down the computer, restarting, or formatting the hard disk, will not help. The only way to retrieve the encrypted files is to have access to the decryption key.
However, victims are advised not to fall into the trap: even after paying the ransom, the chance of receiving the decryption key is nil.
There is also good news. The code of Jigsaw ransomware has been successfully cracked by security researchers, and a free decryption tool has been released for some of its variants. The decryption tool is expected to be updated for the .tedcrypt variant too, so you should soon be able to restore the encrypted files.
.tedcrypt files virus is configured to target specific system Registry keys to achieve persistent installation. These keys may be Run and RunOnce.
These registry keys manage the automatic execution of programs that are essential for smooth system performance. Because the values stored under the Run and RunOnce keys determine which files are executed automatically at system boot, adding malicious entries under these keys lets the ransomware achieve persistence.
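As an added illustration (not code from the original article), the following PowerShell script audits the Run and RunOnce keys named above under both HKLM and HKCU and flags any entry whose command launches from a user-writable directory such as AppData or Temp; that set of directories is an assumed heuristic for triage, not an indicator taken from this page.

```powershell
# Added example, not code from the original article: enumerate the Run/RunOnce
# autostart keys that the article names as the ransomware's persistence
# mechanism and flag entries whose command starts in a user-writable directory.
function Get-AutostartEntries {
    $autostartKeys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )

    # Assumed heuristic: legitimate autostart binaries rarely live here, so an
    # entry launching from one of these roots deserves a closer look.
    $suspiciousRoots = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP) |
        Where-Object { $_ }

    # Metadata properties that Get-ItemProperty adds to every result object.
    $metaProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

    foreach ($key in $autostartKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($prop in $props.PSObject.Properties) {
            if ($metaProps -contains $prop.Name) { continue }
            # Strip a leading quote so '"C:\Users\...\app.exe" /arg' still matches.
            $command = ([string]$prop.Value).TrimStart('"')
            $flagged = $false
            foreach ($root in $suspiciousRoots) {
                if ($command.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)) {
                    $flagged = $true
                    break
                }
            }
            [PSCustomObject]@{
                Key        = $key
                Name       = $prop.Name
                Command    = $command
                Suspicious = $flagged
            }
        }
    }
}

# List every autostart entry, with the flagged rows first for review.
Get-AutostartEntries | Sort-Object -Property Suspicious -Descending | Format-Table -AutoSize
```

Run it from an elevated prompt so the HKLM keys are readable; a flagged row is a starting point for investigation, not proof of infection.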
Once the infection is on the system, it resides in major system folders including:
.tedcrypt crypto virus is known to use the AES cipher to encrypt files. Encrypted files are marked with the .tedcrypt extension.
The files that this Jigsaw variant targets include:
.7zip, .txt, .asp, .cs, .java, .csv, .dat, .db, .doc, .docx, .dot, .gif, .jar, .jpeg, .jpg, .max, .mp3, .mp4, .mpeg, .msg, .pdf, .php, .png, .potm, .ppt, .rar, .sql, .xls, .xlsx, .xml, .zip and many more.
Hence all the valuable files are encrypted including:
The ransomware is distributed in various ways, one of the most common being spam email attachments. To evade detection, the virus is coded to hide from antivirus or any other protection software installed on the system.
The techniques used by cyber miscreants to spread the ransomware include:
Downloading spam email attachments or clicking on suspicious hyperlinks: This is the most prevalent distribution technique. In this malicious campaign, cyber crooks attach malicious files to spam emails and, to get users to download them, disguise the email as a legitimate message from popular brands, governmental institutions, private services, etc. that appears important and demands urgency, such as:
In addition, the email may contain a disguised hyperlink; clicking on it may direct the user to a malicious website and lead to the installation of .tedcrypt files virus.
Name: .tedcrypt files virus
Browsers Affected: Google Chrome, Internet Explorer, Mozilla Firefox
Targeted Operating System: Windows
Category: Ransomware
Symptoms: User's files are encrypted with the AES cipher. All locked files are appended with the “.tedcrypt” extension after encryption and hence cannot be accessed by the user.
To restart the system into Safe Mode with Networking (if it is already switched on), follow the steps below:
5. Click on the username and enter the password (if any).
Continue with steps 4 and 5 of Method 2 to restore the system files and settings.
Once the system starts, make sure to use an account with administrative privileges to access Safe Mode with Command Prompt.
After the admin credentials are entered, a Command Prompt window is displayed in which you can enter the commands below: