TeslaRVNG1.5 ransomware – a new file-locking-type computer infection from the Ouroboros family

TeslaRVNG1.5 ransomware is a malicious computer virus developed to extort money from its victims by encrypting their files and demanding a ransom to unlock them. This cryptovirus derives from a relatively small ransomware family of Ouroboros, with members like Odveta virus, Zeropadypt NextGen virus, and others.
During the encryption, TeslaRVNG1.5 ransomware virus renames all data in a complex manner by prepending id[unique user ID].[tesla369@cock.li] and appending .teslarvng1.5 extension to all original filenames. In other words, if you had a file named a.pdf, it would now appear as id[unique user ID].[tesla369@cock.li].a.pdf.teslarvng1.5. Keep in mind that when files get locked, their contents aren't corrupted.
Following the file lockage, the file-locking parasite generates a ransom note, titled teslarvng1.5.hta, and leaves it on the desktop. When the file is opened, it appears as a pop-up window. With this note, cybercriminals want to pursue their victims to contact them by any of the two given emails – tesla369@cock.li, teslacrypt369@cyberfear.com.
Some of the previous versions from this lineage have already been decoded, so it's not the end of the world if you got your machine infected. We're happy you're here, as we strive to help our readers who are in a bit of a pickle. This article provides detailed instructions on how to get rid of TeslaRVNG1.5 virus both manually and automatically.
| name | TeslaRVNG1.5 ransomware |
|---|---|
| Type | Ransomware, file-locking virus |
| Family | Ouroboros |
| ransom note | teslarvng1.5.hta |
| appended file extension | Encrypted files receive id[unique user ID].[tesla369@cock.li].(original filename).teslarvng1.5 extension |
| Criminal contact info | tesla369@cock.li, teslacrypt369@cyberfear.com |
| Distribution | RDP attacks, scam emails, file-sharing platforms |
| virus removal | Trustworthy anti-malware software must be used to eliminate such cyber infections and prevent them from gaining control of the device |
| System Repair | During the infection, system files get altered, which may lead to unstable system performance. Scan your computer with the FortectIntego system repair tool to fix any system issues |
Ransom notes are created to scare and convince people that there are no other means to regain access to their files apart from paying the assailants. In many cases, that might be true, but under no circumstances do we agree with that. Actually, paying the ransom is the worse thing that an owner of an infected device could do because:
- It motivates the criminals to attack more innocent computer users
- Paid money finances their research for better infection techniques
- It finances the development of more sophisticated cyber threats
As soon as a user sees a ransom note or that their files are inaccessible, they must scan their devices with dependable anti-malware software, such as SpyHunterCombo Cleaner or MalwarebytesMalwarebytes, and get rid of any suspicious files. The same should be done with this article's culprit – perform a full system scan, and remove TeslaRVNG1.5 ransomware.
There's no point in reading the ransom note, as it is pretty much the same as all notes from all other cryptoviruses. The price isn't specified, nor is the preferred payment method (based on our research, it will most likely be Bitcoins). The whole note from the threat actors behind TeslaRVNG1.5 ransomware states:
all data in your machine turned to useless binary code
to return email us at : tesla369@cock.li , teslacrypt369@cyberfear.com (send copy to both, your id as subject)
your id : –
tips:
no one else can help you ,don't waste your business time
anyone/any company offering help will get extra fee(some times even more than ours!) added to ours or simplly will scam you
we prove you we can recover data before payment (sample file )
price increases over time
due raas to avoid scam never pay anyone without testfile (even us),never pay outside of this 2 emails(even if you get replay of above emails from other email),incase of scam (witch wont happen 100% if you follow what said in this line) create a toptic at bleepingcomputer.com with proofs (email logs, and transaction proofs) ,admin will find you there and give your decryptor for free and ban the scammer
We're going to reiterate one point – PLEASE DON'T CONTACT THE CRIMINALS OR PAY THE RANSOM. The only way to stop TeslaRVNG1.5 ransomware and other crypto-malware from spreading is by stoping the criminals from getting richer. If no one would pay the ransom, the criminals would be broke and wouldn't have the finances to develop new malware.

If you didn't have anti-malware software or the old one failed to stop the infection, get a trustworthy one, and eliminate the infection. In some cases, cryptoviruses can block this type of software from opening. Then you'll have to do a manual TeslaRVNG1.5 ransomware removal.
Please don't be scared, it's not rocket science. Just follow our step-by-step instructions at the end of this article, and you'll be done in five minutes. Once that's done, we highly advise to repair all corrupted system files with a powerful system tune-up tool like the FortectIntego.
Avoiding the most popular ransomware delivery techniques
There are various malware types,[1] such as Trojans, worms, keyloggers, etc., and its payload files are delivered using different techniques. Our cybersecurity experts report that the two most popular ways cybercriminals are spreading ransomware are through spam emails and file-sharing platforms.
Spam emails are created to spread various malware, and ransomware is one of them. Usually, the payload files are either in an email attachment or in a hyperlink that would lead to a malicious website. Please don't open any emails or their contents that urge you to do something, like visit a certain site immediately because of some security issues, or download the attachment with important new details. Criminals use these techniques to trick people.
File-sharing platforms offer various copyrighted movies or pirated software for free. Cybercriminals exploit people's weakness for free stuff by camouflaging their creations as the most anticipated cracked games, free installers of expensive software, and alike. Refrain from using these sites altogether because any offered content might have a very unpleasant surprise hidden within.

Tutorial for TeslaRVNG1.5 ransomware virus removal and system tune-up
To stay safe on the internet, people should acquire reliable anti-malware software such as SpyHunterCombo Cleaner or MalwarebytesMalwarebytes because cyber infections are hiding everywhere these days. Professional AV tool will not only remove TeslaRVNG1.5 ransomware but prevent all kinds of malware and crapware from infecting devices if you keep them running from time to time.
The importance of a trustworthy anti-malware tool can be seen in a suspicious file analysis portal VirusTotal, which research shows[2] that 34 out of 71 anti-virus engines caught the TeslaRVNG1.5 ransomware virus, thus preventing infection. Here's a couple of detection name variations:
- Ransom.Teslarvng
- Program:Win32/Vigram.A
- Trojan.GenericKD.45273226 (B)
- Win64:Trojan-gen
- Trojan.Gen.MBT
If anti-malware tools are blocked by the cryptovirus, meaning they can't be opened, then reboot your computer and start it in Safe Mode with Networking. Then TeslaRVNG1.5 ransomware removal shouldn't be impeded. If you don't know how to launch that mode, refer to our free guide below.
Once the machine is virus-free, the next step is taking care of the system files and settings. To do that automatically, experts [3] suggest downloading and running FortectIntego – a powerful system repair tool. This app will find all system irregularities and fix them with a push of a button so you could enjoy your device anew.
Was this guide helpful?
Be the first to comment