Hit by TeslaCrypt ransomware? Here’s the solution

Graham Cluley

Hit by TeslaCrypt ransomware? Here's the solution

Hit by TeslaCrypt ransomware? Here's the solution

Too often stories about ransomware infections have unhappy endings.

On many occasions, home users and businesses find themselves in the distressing position of finding themselves with their files encrypted weighing up the rights and wrongs of paying Bitcoins to a gang of anonymous extortionists to recover their data.

So it’s good to share some good news, which should provide some cheer and hope to victims of versions of TeslaCrypt, one of the most notorious instances of ransomware.

Teslacrypt master key

As researchers at ESET describe, the ransomware gang behind TeslaCrypt seems remarkably happy to help without demanding payment:

“One of ESET’s analysts contacted the group anonymously, using the official support channel offered to the ransomware victims by the TeslaCrypt’s operators, and requested the universal master decryption key.

Surprisingly, they made it public.

This allowed ESET to create a free decrypting tool promptly, which is able to unlock files affected by all variants of this ransomware.”

I don’t like to say much positive about cybercrime gangs, but it seems like on this occasion they provided some excellent customer service! And, by crikey, they even said sorry!

The smart folks at ESET were able to use the information provided to build a TeslaCrypt decryption tool (with a funky ANSI.SYS-style logo – nice work guys!)

Teslacrypt decryption tool

More details of the decryption tool can be found in this ESET support knowledgebase article.

Graham Cluley Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

3 Replies to “Hit by TeslaCrypt ransomware? Here’s the solution”

  1. The cynic inside me offers an alternative scenario: these dudes have just written an even more vicious ransomware software, and so they're providing the key to this (now outdated) software just in case they're caught sometime in the future…and need some goodwill…

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.