Trojan.TeslaCrypt is ransomware that encrypts files saved on the machine and demands payment of a ransom in order to obtain the decryption key needed to restore normal access to the affected files.
F-Secure detects ransomware using a variety of signature and generic detections. Once detected, the F-Secure security product will automatically remove the file.
If the ransomware uses encryption to take files or an entire system hostage, the encryption may be sufficient to make it very difficult to decrypt the files without the necessary decryption key.
In such circumstances, the recommended course of action is to report the crime to the relevant authorities and restore the affected data from a recent clean backup.
A False Positive is when a file is incorrectly detected as harmful, usually because its code or behavior resembles known harmful programs. A False Positive will usually be fixed in a subsequent database update without any action needed on your part. If you wish, you may also:
Check for the latest database updates
First check if your F-Secure security program is using the latest updates, then try scanning the file again.
Submit a sample
After checking, if you still believe the file is incorrectly detected, you can submit a sample of it for re-analysis.
Note: If the file was moved to quarantine, you need to collect the file from quarantine before you can submit it.
Exclude a file from further scanning
If you are certain that the file is safe and want to continue using it, you can exclude it from further scanning by the F-Secure security product.
Note: You need administrative rights to change the settings.
Users typically encounter TeslaCrypt ransomware by being exposed to an exploit kit (usually by visiting a compromised website, or by being redirected to a malicious one). If the kit successfully exploits the user's machine, it will download the ransomware.
Once it is run, the TeslaCrypt ransomware will search for and encrypt files saved on any accessible drives on the user's machine. The type of files targeted will depend on the specific malware variant.
Older TeslaCrypt variants search for and encrypt data files related to popular computer games. Newer variants are less restricted and will encrypt documents, images and many other file types.
Older TeslaCrypt variants encrypted the targeted files using a weaker encryption algorithm that can be broken; multiple parties have created decryption tools to do so (for more information, see ZDNet: TeslaCrypt flaw opens the door to free file decryption) .
Newer variants no longer have the flaw that allows the decryption tools to work, making it almost impossible to recover the affected files without the decryption key.
Once the files are encrypted, a text file containing the ransom demand is saved on the system. In some variants, the desktop background is also changed to display the demand. The file will provide instructions on how to pay the ransom demanded.