Cisco Decryption Tool for TeslaCrypt victims

Another “failed” crypto- allows security researchers to create a decryption tool. The tool allows users blackmailed by TeslaCrypt to recover their data without paying the ransom.

TeslaCrypt malware appeared relatively recently and can encrypt a large list of files, such as saved game data, documents, photos, and more. It's a variation of the famous CryptoLocker.

TeslaCrypt uses the AES algorithm, a symmetric cipher that uses the same key for encryption and decryption, despite claims by the malware's developers that they use a strong RSA public key for encryption and a private key for reversing it.

In the second case, the private key is usually stored on the attacker's server, making recovery of the data impossible from the victim's side.

The decryption tool, created by Cisco researchers, is a command line application, but comes with clear instructions on how it can be used to restore your files.

The program analyzes a file created by the malware called “key.dat.” This file stores the master encryption key when the file locking process starts. The path of this file is in the user's 'Application Data' folder. Without this .dat file, the decryption tool will not work.

In some versions of TeslaCrypt, as the researchers report in a post on their blog, the malware creates this recovery key if it cannot communicate with its command-and-control server.

While the researchers' efforts are commendable, users should not rely solely on them to keep their records safe. Other ransomware is currently in circulation, and it is impossible to decrypt it.

Regular backup of your data and storage on a disk that is not at risk of being infected remains the most effective method to protect the integrity of your files.

Download the Cisco tool

Windows binary:
http://labs.snort.org/files/TeslaDecrypt_exe.zip
ZIP SHA256: 57ce1c16e920a9e19ea1c14f9c323857c9a40751619d3959684c7e17956d66c6 

Python script:
https://labs.snort.org/files/TeslaDecrypt_python.zip
ZIP SHA256: ea58c2dd975ed42b5a30729ca7a8bc50b6edf5d8f251884cb3b3d3ceef32bd4e

Source code to Windows binary:
https://labs.snort.org/files/TeslaDecrypt_cpp.zip
ZIP SHA256: 45908f0b3f8eb73bf820ded0a886842ac5c3e4c83068097806daad662046b1e0
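
Before running the tool on an affected machine, it is worth confirming that the downloaded archive matches the digest listed above and that key.dat is still present. The following is an added example, not part of Cisco's tool or the original article; the function names are hypothetical, and it assumes key.dat sits directly in the folder passed in (on Windows, `%APPDATA%`).

```python
import hashlib
import hmac
import os
import sys
from pathlib import Path

# SHA-256 digests exactly as published on this page, keyed by ZIP file name.
PUBLISHED_SHA256 = {
    "TeslaDecrypt_exe.zip": "57ce1c16e920a9e19ea1c14f9c323857c9a40751619d3959684c7e17956d66c6",
    "TeslaDecrypt_python.zip": "ea58c2dd975ed42b5a30729ca7a8bc50b6edf5d8f251884cb3b3d3ceef32bd4e",
    "TeslaDecrypt_cpp.zip": "45908f0b3f8eb73bf820ded0a886842ac5c3e4c83068097806daad662046b1e0",
}


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large archives are not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def preflight(zip_path, appdata_dir):
    """Return a list of problems; an empty list means both checks passed."""
    problems = []
    zip_path = Path(zip_path)
    expected = PUBLISHED_SHA256.get(zip_path.name)
    if expected is None:
        problems.append(f"{zip_path.name}: not one of the published archives")
    elif not zip_path.is_file():
        problems.append(f"{zip_path}: archive not found")
    elif not hmac.compare_digest(sha256_file(zip_path), expected):
        problems.append(f"{zip_path.name}: SHA-256 does not match the published value")

    # Assumption: key.dat sits directly in the folder passed in (on Windows, %APPDATA%).
    key_file = Path(appdata_dir) / "key.dat"
    if not key_file.is_file() or key_file.stat().st_size == 0:
        problems.append(f"{key_file}: missing or empty, the tool will not work")
    return problems


if __name__ == "__main__":
    # Usage: python preflight.py <downloaded.zip> [appdata_dir]
    appdata = sys.argv[2] if len(sys.argv) > 2 else os.environ.get("APPDATA", ".")
    issues = preflight(sys.argv[1], appdata)
    print("\n".join(issues) if issues else "OK: archive verified and key.dat present")
    sys.exit(1 if issues else 0)
```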

iGuRu.gr The Best Technology Site in Greece

Written by Dimitris
