Hit by TeslaCrypt ransomware? Here's the solution

Extortionists reveal master key to anti-virus researchers.

Hit by TeslaCrypt ransomware? Here's the solution

Too often stories about ransomware infections have unhappy endings.

On many occasions, home users and businesses find themselves in the distressing position of finding themselves with their files encrypted weighing up the rights and wrongs of paying Bitcoins to a gang of anonymous extortionists to recover their data.

So it's good to share some good news, which should provide some cheer and hope to victims of versions of TeslaCrypt, one of the most notorious instances of ransomware.

Teslacrypt master key

As researchers at ESET describe, the ransomware gang behind TeslaCrypt seems remarkably happy to help without demanding payment:

"One of ESET’s analysts contacted the group anonymously, using the official support channel offered to the ransomware victims by the TeslaCrypt’s operators, and requested the universal master decryption key.

Surprisingly, they made it public.

This allowed ESET to create a free decrypting tool promptly, which is able to unlock files affected by all variants of this ransomware."

I don't like to say much positive about cybercrime gangs, but it seems like on this occasion they provided some excellent customer service! And, by crikey, they even said sorry!

The smart folks at ESET were able to use the information provided to build a TeslaCrypt decryption tool (with a funky ANSI.SYS-style logo - nice work guys!)

Teslacrypt decryption tool

More details of the decryption tool can be found in this ESET support knowledgebase article.

Tags: , ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episode:

, ,

3 Responses

  1. Vito Tuxedo

    May 20, 2016 at 2:10 pm #

    Well whaddya know…pigs can fly after all. ;)

  2. Thiha Han

    May 25, 2016 at 8:20 am #

    The cynic inside me offers an alternative scenario: these dudes have just written an even more vicious ransomware software, and so they're providing the key to this (now outdated) software just in case they're caught sometime in the future…and need some goodwill…

  3. Cihan

    May 26, 2016 at 10:11 pm #

    hi, does anyone know a solution for locky extension files ?

Leave a Reply