TeslaCrypt

29th August 2016: yet another TeslaCrypt decrypter, this time from AVG.

[Added 24th June 2016]

For eWeek, Robert Lemos observes Security Researchers Puzzled by Demise of TeslaCrypt Ransomware.

To be honest, I think the media are more preoccupied with the reasons behind the TeslaCrypt group’s actions than security researchers are in general, but I was happy to give him the benefit of my prejudices opinions, and flattered that he gave them so much space.

[Added 10th June 2016]

Talos announced that its TeslaCrypt decryptor now covers all versions of the malware. I notice that people are still looking for help with earlier versions, so I guess it’s a good idea to have decryption for all of them in one place. Note, however, the footnote on that page:

NOTE – ENCRYPTED FILES SHOULD BE BACKED UP BEFORE USING THIS UTILITY. THIS IS A TEST TOOL WHICH IS NOT OFFICIALLY SUPPORTED AND THE USER ASSUMES ALL LIABILITY FOR THE USE OF THE TOOL.

To be fair, backing up encrypted files before trying a decryptor is always a good idea.

[Added 25th May 2016]

Not directly concerning TeslaCrypt, but see CryptXXX for a new and discomforting development in that malware, believed to be the TeslaCrypt ops’ new ransomware of choice.

More positively, Peter Stancik discusses the decline and fall of TeslaCrypt with Igor Kabana, who was responsible for ESET’s decryption tool.

[Added 19th May 2016]

Posted by me to the ITSecurity UK site re the decline and fall of TeslaCrypt: TeslaCrypt: We’re Sorry, Here’s the Decryption Key. Since ransomware ops seem to have moved on from TeslaCrypt to CryptXXX, I’m not sure how seriously we should take that apology. ESET and BloodDolly have released decryptors: Instructions for the ESET tool are here, and for BloodDolly’s tool at Bleeping Computer here.

[Added 23rd January 2016]

Unfortunately, the flaw described in the article below was fixed in TeslaCrypt 3.0, so it no longer helps with current infections, but you may find the article interesting nonetheless for the insight into how security companies and researchers work:

TeslaCrypt Decrypted: Flaw in TeslaCrypt allows Victim’s to Recover their Files

[Added 25th April 2016]

More recent versions include a range of ‘improvements’: decryption isn’t possible, encrypted files are no longer flagged with a distinctive extension (making identification a little harder), and the malware is now delivered by spam campaigns as well as by exploit kits. Help Net:
