TeslaWare Ransomware might show you two different messages asking to pay a ransom in two separate accounts. Our researchers say such situation is rather unusual and it could be that the malware’s creators are either seeking to receive two payments or simply have made a mistake. Either way, paying the ransom is not something we would advise you to do. There are no guarantees or refunds, and since the price is quite hefty, especially if you combine the demanded sums, the risk might be too huge. The malicious application may encrypt a lot of important files, but there might other ways to get them back, e.g. switching locked files with their copies located on removable media devices, cloud storage, etc. Another thing we would recommend is the TeslaWare Ransomware’s removal. As long as it remains on the computer it still could be a threat to the system; thus, we encourage users to erase it with the instructions located just below the article.
The malicious application could enter the system with any suspicious downloaded file, such as malicious software installer, fake update, infected email attachment, and so on. Once the malware’s launcher is opened TeslaWare Ransomware should start enciphering all private files located on the infected computer and devices connected to it. For example, it could encrypt files with .m4u, .max, .mdb, .mdf, .mef, .mid, .mov, .mp3, .mp4, .mpg, .mrw, .msg, .mpa, .mpeg, .odb, .odc, .odm, .odp, .ods, .odt, .orf, .nef, .nrw, .p12, .p7b, .p7c, .pdb, .pdf, .pef, .pem, .pfx, .php, and a lot of other various extensions. Moreover, each enciphered file gets to be marked with a second extension called .Yugo.
TeslaWare Ransomware should not lock the screen, but it may show you two separate messages from the malware’s creators. One of them claims the user needs to “Send 300€ to this adress: 16TCsmcxGNDCpSLifrK2A8vYSDdGumtJC,” while other instructions explain the user should “Send 0.4250 BTC to this address: 1ELA17Hjj9xxgtjMWXNyy29ohAtx1JUZ4g.” The difference is not only in the provided Bitcoin wallet addresses but also the sums, as 0.425 Bitcoins is around 1063 euros at the moment of writing. Neither of the messages provide any contacts to reach the malicious application’s developers and ask to which account you should pay to get the decryption key. On the other hand, even if users knew exactly how to pay, we doubt many of them would like to risk losing these rather large sums.
If you have no intention to follow the malware’s creators instructions and put up with their demands, we urge you not to waste any time with this infection and erase it immediately. Deleting it manually by following the instructions located at the end of the text is only one of the ways to remove TeslaWare Ransomware. Users can eliminate it just the same with a trustworthy antimalware tool. If your computer is not guarded by such a tool, you can still install it on the infected computer. Then you should run a complete computer scan to identify and locate the malicious application along with other possible threats. Lastly, the user would only need to click the removal button, and the antimalware software should erase its detected threats.