Menu
Decryption tool available for TeslaCrypt ransomware that targets games

Decryption tool available for TeslaCrypt ransomware that targets games

Security researchers found that decryption keys can be recovered from systems infected with TeslaCrypt

Some users whose computers have been infected with a ransomware program called TeslaCrypt might be in luck: security researchers from Cisco Systems have developed a tool to recover their encrypted files.

TeslaCrypt appeared earlier this year and masquerades as a variant of the notorious CryptoLocker ransomware. However, its authors seemed intent on targeting gamers in particular.

Once installed on a system, the program encrypts files with 185 different extensions, over 50 of which are associated with computer games and related software, including user-generated content like game saves, maps, profiles, replays and mods.

In the ransom note displayed on infected computers, TeslaCrypt claims to be using asymmetric encryption based on the RSA public-key cryptosystem. If true, this would mean that the data is encrypted with a public key stored on the system and can only be decrypted with a private key held by the attackers.

However, after analyzing the malicious program, researchers from Cisco's Talos Group found that it actually uses a symmetric encryption algorithm called AES. This algorithm uses the same key for both encryption and decryption.

Some versions of TeslaCrypt store the encryption key in a file called key.dat on infected systems, but others delete it after they finish encrypting files and store an encrypted version of it in a different file called RECOVERY_KEY.TXT, the Cisco researchers said Monday in a blog post.

The researchers developed a tool that can decrypt files affected by TeslaCrypt if the master encryption key is still found in key.dat. Users should save a copy of this file as soon as they realize that their computers have been infected with TeslaCrypt so they can later use it with the Cisco tool.

The Cisco researchers are still working on reverse-engineering the algorithm used by attackers to restore the master encryption key based on the recovery key. If successful, this will allow them to also decrypt files from versions of TeslaCrypt that delete the master key from the key.dat file when the encryption operation is done.


Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags Cisco Systemssecurityencryptionmalware

Featured

Slideshows

Tight lines as Hooked on Lenovo catches up at Great Barrier Island

Tight lines as Hooked on Lenovo catches up at Great Barrier Island

​Ingram Micro’s Hooked on Lenovo incentive programme recently rewarded 28 of New Zealand's top performing resellers with a full-on fishing trip at Great Barrier Island for the third year​ in a row.

Tight lines as Hooked on Lenovo catches up at Great Barrier Island
Inside the AWS Summit in Sydney

Inside the AWS Summit in Sydney

As the dust settles on the 2017 AWS Summit in Sydney, ARN looks back an action packed two-day event, covering global keynote presentations, 80 breakout sessions on the latest technology solutions, and channel focused tracks involving local cloud stories and insights.

Inside the AWS Summit in Sydney
Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day

Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day

Ingram Micro hosted its third annual Cure Kids Charity Golf Tournament at the North Shore Golf Club in Auckland. In total, 131 resellers, vendors and Ingram Micro suppliers enjoyed a round of golf consisting of challenges on each of the 18 sponsored holes, with Team Philips taking out the top honours.

Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day
Show Comments