Menu
Decryption tool available for TeslaCrypt ransomware that targets games

Decryption tool available for TeslaCrypt ransomware that targets games

Security researchers found that decryption keys can be recovered from systems infected with TeslaCrypt

Some users whose computers have been infected with a ransomware program called TeslaCrypt might be in luck: security researchers from Cisco Systems have developed a tool to recover their encrypted files.

TeslaCrypt appeared earlier this year and masquerades as a variant of the notorious CryptoLocker ransomware. However, its authors seemed intent on targeting gamers in particular.

Once installed on a system, the program encrypts files with 185 different extensions, over 50 of which are associated with computer games and related software, including user-generated content like game saves, maps, profiles, replays and mods.

In the ransom note displayed on infected computers, TeslaCrypt claims to be using asymmetric encryption based on the RSA public-key cryptosystem. If true, this would mean that the data is encrypted with a public key stored on the system and can only be decrypted with a private key held by the attackers.

However, after analyzing the malicious program, researchers from Cisco's Talos Group found that it actually uses a symmetric encryption algorithm called AES. This algorithm uses the same key for both encryption and decryption.

Some versions of TeslaCrypt store the encryption key in a file called key.dat on infected systems, but others delete it after they finish encrypting files and store an encrypted version of it in a different file called RECOVERY_KEY.TXT, the Cisco researchers said Monday in a blog post.

The researchers developed a tool that can decrypt files affected by TeslaCrypt if the master encryption key is still found in key.dat. Users should save a copy of this file as soon as they realize that their computers have been infected with TeslaCrypt so they can later use it with the Cisco tool.

The Cisco researchers are still working on reverse-engineering the algorithm used by attackers to restore the master encryption key based on the recovery key. If successful, this will allow them to also decrypt files from versions of TeslaCrypt that delete the master key from the key.dat file when the encryption operation is done.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags Cisco Systemssecurityencryptionmalware

Slideshows

Top 50 defining moments of the New Zealand channel in 2016

Top 50 defining moments of the New Zealand channel in 2016

Reseller News looks back on a tumultuous 12 months for the New Zealand channel, assessing the fallout from a year of sizeable industry change. Whether it be local or global mergers and acquisitions, distribution deals or job changes, the channel that started the year differs somewhat to the one set to finish it - Reseller News assesses the key moments that made 2016.​

Top 50 defining moments of the New Zealand channel in 2016
​Hewlett Packard Enterprise honours high achieving NZ channel

​Hewlett Packard Enterprise honours high achieving NZ channel

Hewlett Packard Enterprise honoured its top performing Kiwi partners at the second running of its HPE Partner Awards in New Zealand, held at a glitzy ceremony in Auckland. Recognising excellence across eight categories - from distributors to resellers - the tech giant celebrated its first year as a standalone company, following its official split from HP in 2015.

​Hewlett Packard Enterprise honours high achieving NZ channel
Nutanix treats channel partners to Christmas cruise

Nutanix treats channel partners to Christmas cruise

Nutanix recently took to the seas for a Christmas Cruise around Sydney Harbour with its Australia and New Zealand staff, customers and partners to celebrate a stellar year for the vendor. With the sun out, they were all smiles and mingled over drinks and food.

Nutanix treats channel partners to Christmas cruise
Show Comments