MSRT September 2015: Teerac

As part of our ongoing effort to provide better malware protection, the September release of the Microsoft Malicious Software Removal Tool (MSRT) will include detection for the prevalent ransomware family Win32/Teerac.

We first detected Teerac in early 2014. Since then, the family has joined Win32/Crowti and Win32/Tescrypt as one of the most prevalent ransomware families impacting our home and enterprise customers.

Figure 1: Teerac encounters since April 2015

Figure 2: Countries most affected by Teerac infections

Teerac is usually downloaded and installed from malicious spam email attachments. The malware tries to encrypt files on the infected PC using Advanced Encryption Standards (AES). It asks for a ransom payment using Bitcoins (equivalent to about USD 500) for the supposed “decryption software”.

Encrypting ransomware families such as Teerac have proven their ability to form part of a business model for malware authors, and as a result we see some samples updated on an almost daily basis in an attempt to evade antimalware detections.

Our malware encyclopedia entry for Win32/Teerac has more details about this malware family.

By adding Teerac to the MSRT we hope to have a bigger impact and reach more affected machines and help remove this threat. However, as with all malware, prevention is the best protection.

Backup your important files

It’s a good idea to back up your important files with a cloud storage service such as OneDrive. OneDrive is integrated into Windows 10 and Windows 8.1.

After you've removed a ransomware infection from your PC, you can restore previous, unencrypted versions of your Office files.

Stay protected

To help stay protected from this and other threats we recommend running up-to-date real-time security software such as Windows Defender for Windows 8.1 and Windows 10.

We also recommend you:

For more tips on preventing malware infections, including ransomware infections, see:

Comments (0)

Skip to main content