Companies like Kaspersky and Cisco's Talos have reverse-engineered various pieces of ransomware, helping corporate clients and anyone else rescue files without paying. The security community has also developed better detection and distribution disruption methods for the scourge. According to Talos, "this has lead adversaries to iterating and improving upon the previous release of TeslaCrypt."
We can not say it loud and often enough, ransomware has become the black plague of the internet, spread by highly sophisticated exploit kits and countless spam campaigns.
Previously, it stored the private key needed to unlock files on your own machine. However, after generating the key locally, TeslaCrypt 3.01 transfers it to the bad guy's server and deletes it from your PC. As a result, "the private key never has to leave the [attacker's] server and the ransomware uses a different key for each victim," according to Talos. With the 256-bit key nowhere to be found and impossible to brute force, the only way you can get your files is to pay.
"We can not say it loud and often enough, ransomware has become the black plague of the internet, spread by highly sophisticated exploit kits and countless spam campaigns," Talos says. Attackers are going after bigger targets that can afford to pay more, with potentially catastrophic consequences, as we saw at a Hollywood hospital. The best defense is to back up your files, but even that might not help. The FBI recently said that "in a new scheme, cyber criminals attempt to infect whole networks with ransomware and use persistent access to locate and delete network backups."