Posted by David Harley on May 19, 2016.
Are the TeslaCrypt operators genuinely apologizing? Probably not, since it seems that they’ve moved on to CryptXXX rather than retiring to a monastery to flagellate themselves with birch twigs. However, an ESET analyst, noticing that the TeslaCrypt project seemed to be shutting down, contacted them via the Tesla support/payment site and asked them to release the master decryption key.
Unexpected Benevolence
Since ransomware operators aren’t generally renowned for their benevolence, it was a pleasant surprise to see them post the master key with the message:
Project closed
master key for decrypt […]
wait for other people make universal decrypt software
we are sorry!
And, sure enough, both ESET and BloodDolly quickly came up with decryptors. Instructions for the use of the ESET tool are here, and for BloodDolly’s tool at Bleeping Computer here.
For Softpedia, Catalin Cimpanu noted that:
TeslaCrypt has been cracked numerous times in the past […] Switching to CryptXXX might have not been such a great idea either, since Kaspersky had already cracked the ransomware twice. It did so for CryptXXX 1.0, and it did so for CryptXXX 2.0, just a few days after crooks released it.
TeslaCrypt Revisited
TeslaCrypt has had a chequered career: here’s some earlier info drawn from the AVIEN ransomware resource pages. A flaw in TeslaCrypt that allowed decryption by third parties was fixed in TeslaCrypt 3.0, but you may find it interesting nonetheless for the insight into how security companies and researchers work: TeslaCrypt Decrypted: Flaw in TeslaCrypt allows Victim’s to Recover their Files
More recent versions included a range of other ‘improvements’: it stopped using extensions to flag encrypted files (thus making identification a little harder), and was now delivered by spam campaigns as well as by exploit kits. Here are a few links regarding those versions.
- Help Net: TeslaCrypt: New versions and delivery methods, no decryption tool
- Bleeping Computer: TeslaCrypt 4.0 Released with Bug Fixes and Stops Adding Extensions
- Endgame: Your Package Has Been Successfully Encrypted: TeslaCrypt 4.1A and the Malware Attack Chain
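The point about TeslaCrypt 4.0 no longer adding an extension is that a defender (or a recovery tool) can no longer spot encrypted files by name alone. The example below, added here and not part of the original post or of any of the tools it links to, shows two name-independent checks that still work: whether a file's leading bytes match the type its extension claims, and whether its contents are near-uniform (high Shannon entropy) when the type is one that should not be. The signature table, the 7.5 bits-per-byte threshold and the sample "files" are all constructed for the illustration; the pseudo-random bytes stand in for ciphertext and are not TeslaCrypt's actual output.

```python
import hashlib
import math
import os
from collections import Counter

# Known leading bytes ("magic") for a few common document types.
# Illustrative table constructed for this example; extend it for your own estate.
MAGIC = {
    ".pdf": b"%PDF-",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".zip": b"PK\x03\x04",
    ".docx": b"PK\x03\x04",  # OOXML documents are ZIP containers
}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte in the range 0.0 .. 8.0; uniformly random data is close to 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def header_matches_extension(name: str, data: bytes):
    """True/False when the extension has a known signature, None when it does not."""
    sig = MAGIC.get(os.path.splitext(name)[1].lower())
    if sig is None:
        return None
    return data.startswith(sig)


def classify(name: str, data: bytes, threshold: float = 7.5) -> dict:
    """Flag a file whose contents look encrypted regardless of its name.

    Two signals, neither of which depends on a ransomware extension:
      * the declared type has a known header and the bytes do not carry it
        (a document encrypted in place no longer starts with its magic), or
      * the type has no known header and the bytes are near-uniform, which
        plain text and source code are not.
    Compressed formats (zip, png, jpg) are naturally high-entropy, so a
    matching header suppresses the entropy signal for them.
    """
    entropy = shannon_entropy(data)
    header_ok = header_matches_extension(name, data)
    reasons = []
    if header_ok is False:
        reasons.append("header does not match declared type")
    if header_ok is None and entropy >= threshold:
        reasons.append(f"entropy {entropy:.2f} >= {threshold}")
    return {"name": name, "entropy": round(entropy, 2),
            "suspicious": bool(reasons), "reasons": reasons}


def pseudo_random_bytes(n: int, seed: bytes = b"constructed-sample") -> bytes:
    """Deterministic SHA-256 chain standing in for ciphertext (constructed, not real malware output)."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out.extend(block)
    return bytes(out[:n])


# Constructed sample files: two untouched, two "encrypted in place" with their names kept.
SAMPLES = {
    "notes.txt": b"Meeting notes: review the backup schedule and test restores.\n" * 60,
    "archive.zip": b"PK\x03\x04" + pseudo_random_bytes(4096, b"zip"),
    "report.docx": pseudo_random_bytes(4096, b"docx"),  # ZIP header gone: encrypted in place
    "todo.txt": pseudo_random_bytes(4096, b"txt"),      # no magic to check, but near-uniform bytes
}


def scan(files: dict) -> list:
    """Return the names of files classified as suspicious."""
    return [name for name, data in files.items() if classify(name, data)["suspicious"]]


if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(classify(name, data))
    print("suspicious:", scan(SAMPLES))
```

Running the block flags report.docx (header mismatch) and todo.txt (high entropy with no header to check) while leaving notes.txt and the genuine archive.zip alone. On a real fileshare the same two checks are what a triage script or an EDR rule would use to estimate the scope of an encryption event when the malware leaves names untouched; the entropy threshold is a heuristic and should be tuned against a sample of the organisation's own legitimate compressed and encrypted data.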
David Harley
Source: itsecurity.co.uk/2016/05/teslacrypt-gang-says-sorry-provides-decryption-key/