
Decryption Tool for TeslaCrypt Ransomware Now Available


Karamjit


Users should still be cautious and create backups

Another piece of crypto-malware falls at the hands of security researchers, who managed to create a decryption tool that allows users falling victim to TeslaCrypt’s locking capabilities to recover their data without paying a dime.

TeslaCrypt emerged relatively recently and has captured attention due to its list of targeted files, which includes a large number of game-related items, and because it tried to pass itself off as a variant of the infamous CryptoLocker.

TeslaCrypt employs the AES algorithm, a symmetric cipher that uses the same key for both encryption and decryption, despite claiming to rely on strong RSA public-key cryptography, where a public key is used for encryption and a private one for reversing the process.

The private key usually does not leave the attacker's server, which makes recovering the data on the client side impossible.

TeslaCrypt master key can be recovered

The decryption tool, created by the researchers from Cisco, is command line based, but it comes with clear instructions on how it can be used to carry out the file recovery task.

The utility parses a file created by the malware called “key.dat,” where the master encryption key is stored when the file locking procedure starts. This file is located in the user's “Application Data” directory. Without it, the decryption tool reports an error and exits.

In some versions of TeslaCrypt, the researchers note in a blog post on Monday, a recovery key is also created. Its purpose is to let the attackers calculate the encryption key if the compromised computer cannot reach the command and control (C&C) server, a scenario in which the key used to lock the data is deleted from the machine.

Cisco created a Windows binary version for their decryption utility, and also makes available a Python script as well as the source code for the Windows executable.
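The point of the two paragraphs above is that a symmetric cipher leaves the decryption key on the victim's disk, whereas a true hybrid RSA design wraps it to a key only the attacker holds. The Go program below is an added illustration written for this post; it is not Cisco's decryptor, and the key-file layout (a 32-byte AES-256 key followed by a 16-byte IV) is an assumption, not TeslaCrypt's real key.dat format. Go is used because its standard library ships both AES and RSA, so the example runs offline.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Hypothetical key-file layout (assumption for this example, not the real
// TeslaCrypt key.dat): 32-byte AES-256 master key, then a 16-byte CTR IV.
const keyLen, ivLen = 32, 16

// lockFile models the symmetric locking step: AES-256 in CTR mode. Because
// CTR is a keystream XOR, the same call with the same key/IV decrypts.
func lockFile(master, iv, data []byte) ([]byte, error) {
	block, err := aes.NewCipher(master)
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(data))
	cipher.NewCTR(block, iv).XORKeyStream(out, data)
	return out, nil
}

// writeKeyFile serialises the master key the way the hypothetical malware
// would leave it on disk before it starts locking files.
func writeKeyFile(master, iv []byte) []byte {
	return append(append([]byte{}, master...), iv...)
}

// recoverFromKeyFile parses the key blob and decrypts with it. As with the
// tool described in the article, a missing or truncated key file is fatal.
func recoverFromKeyFile(keyFile, ciphertext []byte) ([]byte, error) {
	if len(keyFile) < keyLen+ivLen {
		return nil, errors.New("key.dat missing or truncated: cannot recover")
	}
	master := keyFile[:keyLen]
	iv := keyFile[keyLen : keyLen+ivLen]
	return lockFile(master, iv, ciphertext)
}

// wrapKeyRSA models the design TeslaCrypt only claimed to use: the master key
// is encrypted to an attacker-held RSA public key and the plaintext key is
// erased locally, so recovery needs the private key on the attacker's server.
func wrapKeyRSA(pub *rsa.PublicKey, master []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, master, nil)
}

// unwrapKeyRSA succeeds only with the matching private key; any other key
// fails the OAEP padding check and returns an error.
func unwrapKeyRSA(priv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil)
}

func main() {
	master := make([]byte, keyLen)
	iv := make([]byte, ivLen)
	rand.Read(master)
	rand.Read(iv)
	plaintext := []byte("constructed sample: savegame.dat contents") // constructed input

	ct, _ := lockFile(master, iv, plaintext)
	pt, err := recoverFromKeyFile(writeKeyFile(master, iv), ct)
	fmt.Println("recovered with local key file:", err == nil && bytes.Equal(pt, plaintext))

	_, err = recoverFromKeyFile(nil, ct)
	fmt.Println("recovery without key file:", err)

	attacker, _ := rsa.GenerateKey(rand.Reader, 2048)
	wrapped, _ := wrapKeyRSA(&attacker.PublicKey, master)
	_, err = unwrapKeyRSA(attacker, wrapped)
	fmt.Println("attacker unwraps master key:", err == nil)
	victim, _ := rsa.GenerateKey(rand.Reader, 2048)
	_, err = unwrapKeyRSA(victim, wrapped)
	fmt.Println("victim without private key unwraps:", err == nil)
}
```

The contrast is the whole story of the Cisco tool: when the symmetric key is left in a file under the user's profile, recovery is a parsing problem; when it is wrapped to a key the victim never receives, no amount of local analysis helps, which is why backups remain the only general defence.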
CoinVault encryption can also be reversed without payment

About two weeks ago, Kaspersky announced that they built a decryption tool, too, for another ransomware with file encryption capabilities called CoinVault.

In their case the solution relies on the work of the National High Tech Crime Unit (NHTCU) of the Dutch police, who managed to seize a C&C server with a database containing encryption keys.

While the efforts of the researchers are commendable, users should not rely exclusively on them to keep files safe. There are other ransomware pieces in the wild that do not have a decryption tool available.

Backing up data on a regular basis and storing it in a location that is not at risk of being infected remains the most efficient method to protect the integrity of the files and avoid paying a ransom if malware locks the digital assets.

Cisco decryption utility: https://labs.snort.org/files/TeslaDecrypt_exe.zip

From: http://news.softpedia.com/news/Decryption-Tool-for-TeslaCrypt-Ransomware-Now-Available-479488.shtml
