TeslaCrypt, like many of its ransomware cousins, doesn’t sleep on past success. Researchers at Endgame Inc. have found two updates for the cryptoransomware in the past two weeks that invest heavily in obfuscation and evasion techniques, and also target a host of new file extensions.
These samples, researcher Amanda Rousseau told Threatpost, were found in attachments of large-scale spam campaigns purporting to be shipping delivery notifications.
Version 4.1A has been in circulation for about a week, Rousseau said, and targets a wide range of the usual file extensions, plus a handful of new ones that merit notice: .7z; .apk; .asset; .avi; .bak; .bik; .bsa; .csv; .d3dbsp; .das; .forge; .iwi; .lbf; .litemod; .litesql; .ltx; .m4a; .mp4; .rar; .re4; .sav; .slm; .sql; .tiff; .upk; .wma; .wmv; and .wallet. The use of spam to move TeslaCrypt is also a departure from recent outbreaks where exploit kits were infecting WordPress and Joomla websites and silently loading ransomware onto co