Cisco Decryption Tool for TeslaCrypt victims

Another "failed" crypto-malware has allowed security researchers to create a decryption tool. The tool allows those who have been victims of blackmail by the TeslaCrypt malware to recover their data without paying ransom.

TeslaCrypt malware appeared relatively recently and can encrypt a large list of files, such as saved game data, documents, photos, and more. It's a variation of the famous CryptoLocker.

TeslaCrypt uses the AES algorithm, a symmetric cipher that uses the same key for encryption and decryption, despite its developers' claims that they use a strong RSA public key for encryption and a private one for reversing the process.

In the latter case, the private key is usually stored on the attacker's server, making it impossible for data to be retrieved from the victim's side.

The decryption tool, created by Cisco researchers, is a command-line application, but it comes with clear instructions on how it can be used to restore your files.

The utility analyzes a file created by the malware called "key.dat". This file stores the master encryption key when the file-locking process starts. The file is located in the user's 'Application Data' folder. Without this .dat file, the decryption tool will not work.

In some versions of TeslaCrypt, as the researchers report in a post on their blog, the malware creates this recovery key if it cannot communicate with its command-and-control server.

While the researchers' efforts are commendable, users should not rely solely on them to keep their files safe. Other ransomware is currently in circulation, and it is impossible to decrypt.

Regular backup of your data and storage on a disk that is not at risk of being infected remains the most effective method to protect the integrity of your files.

Download the Cisco tool

Windows binary:
http://labs.snort.org/files/TeslaDecrypt_exe.zip
ZIP SHA256: 57ce1c16e920a9e19ea1c14f9c323857c9a40751619d3959684c7e17956d66c6 

Python script:
https://labs.snort.org/files/TeslaDecrypt_python.zip
ZIP SHA256: ea58c2dd975ed42b5a30729ca7a8bc50b6edf5d8f251884cb3b3d3ceef32bd4e

Source code to Windows binary:
https://labs.snort.org/files/TeslaDecrypt_cpp.zip
ZIP SHA256: 45908f0b3f8eb73bf820ded0a886842ac5c3e4c83068097806daad662046b1e0
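
A pre-flight check for the two conditions described above, as an added example that is not part of the Cisco tool or the original article: it compares a downloaded archive with the SHA256 values listed on this page and looks for a non-empty key.dat. Treating %APPDATA% as the 'Application Data' folder is an assumption, and all function names are illustrative.

```python
import hashlib
import hmac
import os
from pathlib import Path

# SHA-256 digests exactly as listed on this page, keyed by archive name.
PUBLISHED_SHA256 = {
    "TeslaDecrypt_exe.zip": "57ce1c16e920a9e19ea1c14f9c323857c9a40751619d3959684c7e17956d66c6",
    "TeslaDecrypt_python.zip": "ea58c2dd975ed42b5a30729ca7a8bc50b6edf5d8f251884cb3b3d3ceef32bd4e",
    "TeslaDecrypt_cpp.zip": "45908f0b3f8eb73bf820ded0a886842ac5c3e4c83068097806daad662046b1e0",
}

def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large archives are not read into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def archive_is_authentic(path, published=PUBLISHED_SHA256):
    """True only if the file name is listed and its digest matches the listed one."""
    expected = published.get(Path(path).name)
    if expected is None:
        return False  # unknown or renamed archive: do not trust it
    return hmac.compare_digest(sha256_file(path), expected.lower())

def find_key_dat(appdata_dirs=None):
    """Return non-empty key.dat files found in the given Application Data folders."""
    if appdata_dirs is None:
        # Assumption: %APPDATA% is the user's 'Application Data' folder.
        appdata_dirs = [os.environ["APPDATA"]] if "APPDATA" in os.environ else []
    hits = []
    for folder in appdata_dirs:
        candidate = Path(folder) / "key.dat"
        if candidate.is_file() and candidate.stat().st_size > 0:
            hits.append(candidate)
    return hits

def preflight(archive_path, appdata_dirs=None):
    """Run both checks before the decryption tool is started."""
    return {"archive_ok": archive_is_authentic(archive_path),
            "key_files": find_key_dat(appdata_dirs)}

if __name__ == "__main__":
    import sys
    print(preflight(sys.argv[1]))
```

Run it with the path of the downloaded ZIP as its only argument; an empty `key_files` list means the tool has nothing to work from on that profile.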


Written by Dimitris
