Menu
TeslaCrypt victims can now decrypt their files for free

TeslaCrypt victims can now decrypt their files for free

Security shocker: Ransomware creators give researchers the master decryption key

Victims of the widespread TeslaCrypt ransomware are in luck: Security researchers have created a tool that can decrypt files affected by recent versions of the malicious program.

Surprisingly, the TeslaCrypt creators themselves helped the researchers.

TeslaCrypt first appeared in early 2015 and stood out by targeting game-related user content, such as save files and custom maps, in addition to personal documents and pictures -- 185 different file extensions in total.

The program had some moderate success in the beginning, earning its creators $76,522 in less than two months. However, in April 2015, researchers from Cisco Systems discovered a flaw in the ransomware program that allowed them to create a decryption tool for some of its variants.

The number of TeslaCrypt attacks spiked in December and starting with version 3.0.1 of the program, which appeared in March, all encryption flaws were fixed and the existing decryption tools were rendered ineffective. That lasted until Wednesday.

Researchers from security vendor ESET have recently managed to obtain a copy of TeslaCrypt's master key, allowing them to create a new decryption tool that is capable of recovering files affected by the newer versions of TeslaCrypt (3.0 and higher). They didn't do this by exploiting a vulnerability in the program or its command-and-control servers, but by asking its creators for it.

"Recently, TeslaCrypt’s operators announced that they are wrapping up their malevolent activities," the ESET researchers said in a blog post. "On this occasion, one of ESET’s analysts contacted the group anonymously, using the official support channel offered to the ransomware victims by the TeslaCrypt’s operators, and requested the universal master decryption key. Surprisingly, they made it public."

The tool can recover TeslaCrypt-encrypted files whose extension was changed to .xxx, .ttt, .micro and .mp3, as well as those whose extension hasn't been modified. Instructions on downloading and using the tool can be found on ESET's support website.


Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Featured

Slideshows

Sizing up the NZ security spectrum - Where's the channel sweet spot?

Sizing up the NZ security spectrum - Where's the channel sweet spot?

From new extortion schemes, outside threats and rising cyber attacks, the art of securing the enterprise has seldom been so complex or challenging. With distance no longer a viable defence, Kiwi businesses are fighting to stay ahead of the security curve. In total, 28 per cent of local businesses faced a cyber attack last year, with the number in New Zealand set to rise in 2017. Yet amidst the sensationalism, media headlines and ongoing high profile breaches, confusion floods the channel, as partners seek strategic methods to combat rising sophistication from attackers. In sizing up the security spectrum, this Reseller News roundtable - in association with F5 Networks, Kaspersky Lab, Tech Data, Sophos and SonicWall - assessed where the channel sweet spot is within the New Zealand channel. Photos by Maria Stefina.

Sizing up the NZ security spectrum - Where's the channel sweet spot?
Show Comments