Cisco Decryption Tool for TeslaCrypt victims

Another "failed" crypto-malware allows security researchers to create a decryption tool. The tool allows users who have been blackmailed by TeslaCrypt to retrieve their data without paying a ransom.

TeslaCrypt is one such malware and can encrypt a large list of file types, such as game saves, documents, photos, and more. It is a variant of the famous CryptoLocker.

TeslaCrypt uses the AES algorithm, which uses the same key for encryption and decryption, despite its developers' claims that they use strong RSA encryption, with a public key for encryption and a private one for reversing the process.

In the latter case, the private key is usually stored on the attacker's server, making it impossible for data to be retrieved from the victim's side.

The decryption tool, created by Cisco researchers, is a command line application, but comes with clear instructions on how it can be used to restore your files.

The tool analyzes a file created by the malware called "key.dat". This file stores the master encryption key when the file locking process starts. The file is located in the user's 'Application Data' folder. Without this .dat file, the decryption tool will not work.

In some versions of TeslaCrypt, as the researchers report in a post on their blog, the malware creates this recovery key if communication with its command and control server cannot be established.

While the researchers' efforts are commendable, users should not rely solely on them to keep their files safe. Other ransomware currently in circulation is impossible to decrypt.

Regular backup of your data and storage on a disk that is not at risk of being infected remains the most effective method to protect the integrity of your files.

Download the Cisco tool

Windows binary:
http://labs.snort.org/files/TeslaDecrypt_exe.zip
ZIP SHA256: 57ce1c16e920a9e19ea1c14f9c323857c9a40751619d3959684c7e17956d66c6 

Python script:
https://labs.snort.org/files/TeslaDecrypt_python.zip
ZIP SHA256: ea58c2dd975ed42b5a30729ca7a8bc50b6edf5d8f251884cb3b3d3ceef32bd4e

Source code to Windows binary:
https://labs.snort.org/files/TeslaDecrypt_cpp.zip
ZIP SHA256: 45908f0b3f8eb73bf820ded0a886842ac5c3e4c83068097806daad662046b1e0
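
A pre-flight check before running the tool, as an added example that is not part of the Cisco download or the original article: it compares a downloaded archive against the SHA256 values listed above and confirms that key.dat is present. The function names are hypothetical, and looking for key.dat directly under the folder named by the `APPDATA` environment variable is an assumption about what the article calls the 'Application Data' folder.

```python
import hashlib
import hmac
import os
from pathlib import Path

# SHA256 values exactly as published in the download list on this page.
PUBLISHED_SHA256 = {
    "TeslaDecrypt_exe.zip": "57ce1c16e920a9e19ea1c14f9c323857c9a40751619d3959684c7e17956d66c6",
    "TeslaDecrypt_python.zip": "ea58c2dd975ed42b5a30729ca7a8bc50b6edf5d8f251884cb3b3d3ceef32bd4e",
    "TeslaDecrypt_cpp.zip": "45908f0b3f8eb73bf820ded0a886842ac5c3e4c83068097806daad662046b1e0",
}

def sha256_of(path, chunk_size=1 << 20):
    """Hash the file in chunks so large archives are not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def archive_is_authentic(path, published=PUBLISHED_SHA256):
    """True only if the file name is known and its hash matches the published one."""
    expected = published.get(Path(path).name)
    if expected is None:
        return False  # renamed or unknown archive: nothing to compare against
    return hmac.compare_digest(sha256_of(path), expected.strip().lower())

def find_key_dat(appdata_dir=None):
    """Return the path to a non-empty key.dat, or None if it is missing."""
    base = appdata_dir or os.environ.get("APPDATA")  # assumed location
    if not base:
        return None
    candidate = Path(base) / "key.dat"
    if candidate.is_file() and candidate.stat().st_size > 0:
        return candidate
    return None

def preflight(archive_path, appdata_dir=None):
    """Collect every reason not to proceed; an empty list means go ahead."""
    problems = []
    if not archive_is_authentic(archive_path):
        problems.append("archive hash does not match the published SHA256")
    if find_key_dat(appdata_dir) is None:
        problems.append("key.dat not found; the decryption tool will not work")
    return problems

if __name__ == "__main__":
    import sys
    for problem in preflight(sys.argv[1]):
        print("FAIL:", problem)
```

Run it with the path to the downloaded ZIP as the only argument; no output means both checks passed.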

iGuRu.gr The Best Technology Site in Greece


Written by Dimitris
