HackDig : Dig high-quality web security articles

TeslaCrypt: We’re Sorry, Here’s the Decryption Key

2016-05-19 20:55
Posted by on May 19, 2016.

Are the TeslaCrypt operators genuinely apologizing? Probably not, since it seems that they’ve moved on to CryptXXX rather than retiring to a monastery to flagellate themselves with birch twigs. However, an ESET analyst, noticing that the TeslaCrypt project seemed to be shutting down, contacted them via the Tesla support/payment site and asked them to release the master decryption key.

Unexpected Benevolence

Since ransomware operators aren’t generally renowned for their benevolence, it was a pleasant surprise to see them post the master key with the message:

Project closed
master key for decrypt […]
wait for other people make universal decrypt software

we are sorry!

And, sure enough, both ESET and BloodDolly quickly came up with decryptors. Instructions for the use of the ESET tool are here, and for BloodDolly’s tool at Bleeping Computer here.

For Softpedia, Catalin Cimpanu noted that:

TeslaCrypt has been cracked numerous times in the past […] Switching to CryptXXX might have not been such a great idea either, since Kaspersky had already cracked the ransomware twice. It did so for CryptXXX 1.0, and it did so for CryptXXX 2.0, just a few days after crooks released it.

TeslaCrypt Revisited

TeslaCrypt has had a chequered career: here’s some earlier info drawn from the AVIEN ransomware resource pages. A flaw in TeslaCrypt that allowed decryption by third parties was fixed in TeslaCrypt 3.0, but you may find it interesting nonetheless for the insight into how security companies and researchers work: TeslaCrypt Decrypted: Flaw in TeslaCrypt allows Victim’s to Recover their Files

More recent versions included a range of other ‘improvements’: it stopped using extensions to flag encrypted files (thus making identification a little harder), and was now delivered by spam campaign as well as by exploit kits. Here are a few links regarding those versions.

David Harley

Source: itsecurity.co.uk/2016/05/teslacrypt-gang-says-sorry-provides-decryption-key/
