|
- 2018
DETECTION, TECHNICAL ANALYSIS AND SOLUTION OF TESLACRYPT RANSOMWARE VIRUS
Keywords: Malware Analysis, Ransomware, Cryptolocker
Abstract: Although the rapid developments in information technologies have made many things easier for Internet users, these developments also allow malicious people to reach their goals faster. Malicious software that has completely drifted away from its initial design goal is now being designed by professional criminals for a wide range of applications, from cyber terrorism to ransom demands. These criminals reach their goals easily by developing a variety of methods and tactics, and the possibility of being exposed to this situation becomes the worst nightmare for users. Recently, a new generation of ransomware, known as TeslaCrypt, has begun to be seen worldwide. TeslaCrypt reaches users through e-mail and encrypts many files in the system after execution of its payload found in the e-mail attachment. It demands a ransom to allow access to the user's encrypted files. Although work continues on finding a solution to the problem caused by TeslaCrypt, there is still no definitive solution. This study discusses the detection of the TeslaCrypt threat and presents a technical analysis of its infiltration into the target system, its file and directory actions in the system, and a solution. The analysis has been performed by both static and dynamic methods. As a result of the study, it was shown that the passwords caused by the ransomware virus broke the password
|