TeslaCrypt shuts down and Releases Master Decryption Key
- May 18, 2016
- 04:00 PM
- Read 11,726 times
- 10
In surprising end to TeslaCrypt, the developers shut down their ransomware and released the master decryption key. Over the past few weeks, an analyst for ESET had noticed that the developers of TeslaCrypt have been slowly closing their doors, while their previous distributors have been switching over to distributing the CryptXXX ransomware.
When the ESET researcher realized what was happening, he took a shot in the dark and used the support chat on the Tesla payment site to ask if they would release the master TeslaCrypt decryption key. To his surprise and pleasure, they agreed to do so and posted it on their now defunct payment site.
Now that the decryption key has been made publicly available, this allowed TeslaCrypt expert BloodDolly to update TeslaDecoder to version 1.0 so that it can decrypt version 3.0 and version 4.0 of TeslaCrypt encrypted files. This means that anyone who has TeslasCrypt encrypted files with the .xxx, .ttt, .micro, .mp3, or encrypted files without an extension can now decrypt their files for free!
How to use TeslaDecoder to decrypt Teslacrypt Encrypted Files
With the release of the master decryption key for TeslaCrypt, victims can now download TeslaDecoder to decrypt files encrypted by TeslaCrypt. Simply use the download link below and save TeslaDecoder to your desktop.
TeslaDecoder
TelaDecoder is downloaded as a zip file, so you need to extract it and then double-click on the TeslaDecoder.exe file. This will launch TeslaDecoder as shown below.
Now click on the Set Key button and select the extension used for your encrypted files.
If your encrypted files have the same name as the original files, select the
Once you have selected your encrypted file extension, click on the Set Key button as shown in the image below.
You will now be at the main screen with the correct decryption key loaded into the decryptor as shown below.
Now that the correct decryption key is loaded into the decryptor, you can either decrypt a certain folder or have it scan your entire drive. To decrypt only a specified folder, click on the Decrypt folder button. To decrypt the whole computer, click on the Decrypt all button. When you click on this button, TeslaDecoder will ask if you want to overwrite your files with the unencrypted version. To be safe, I always suggest that you do not do this in case something fails with the decryption.
When TeslaDecoder is done decrypting your files, it will show a summary in the main window.
All of your files should now be decrypted and if you did not choose to overwrite your files, there will be backups of the encrypted files with the .TeslaBackup extension added to them.
A big thanks to ESET and especially BloodDolly who has monitored every version of TeslaCrypt that was released. He has done a tremendous amount for the fight against ransomware and for helping TeslaCrypt victims all over the world!
Post a Comment Community Rules
You need to login in order to post a comment
Not a member yet? Register Now
You may also like
Latest forum topics
-
Project Oreon and othe random popups on Chrome and Firefox
pilotof727s in Virus, Trojan, Spyware, and Malware Removal Logs -
Bloccato Ransomware (.bloccato) Help & Support - LEGGI QUESTO FILE.txt
Demonslay335 in Ransomware Tech Support and Help -
dounty malware/adware ruined my computer
nollydee in Virus, Trojan, Spyware, and Malware Removal Logs
Latest Downloads
Comments
Cuko - 3 hours ago
So, still no hope for the .vvv file extension? :(
Grinler - 3 hours ago
This will work on VVV. We already had a solution on VVV, but this one is easier.
Googulator - 23 minutes ago
Are you sure this will work for .vvv files? IIRC a different master key was in use back then (the 3rd Tesla key, while 3.0 and 4.0 use the 4th one)
Grinler - 8 minutes ago
Ahh my bad, but we can still decrypt by the old factoring method.
vilhavekktesla - 3 hours ago
Cuko, just send me a pm, and I can guide you with your issue.
Regards
vilhavekktesla - 3 hours ago
Congrats to you all. This is fantastic news to anyone. To BC, Bloodolly, Eset, and all others thanks alot for you continous effort in the fight to help as many victims as possible. Now it appears the Only Teslaversion that cannot easily be decrypted is the .ccc version under certain circumstances. The forum is still available to all that need help decrypt and recover their version of Teslaencrypted files. There will now be several 1000000 happy Teslavictims, finally they can have their data back, and be lucky Tesla hit and not one of the other Ransomwares where many are not dedcryptable, unless you have the correct key.
So I repeat myself once again. Make sure you at all time heve healthy and valid backups of anything you do not want to loose, wether it be to ransomwares or a hard disk crash.
For all that paid to get the key, it's a sad experience, for anyone that wondered if they want to pay, this is a very happy day. Now all your data may be recovered, if you made the backups after the attack. Do celebrate this with making a backup of your recovered files.
Regards
BloodDolly - 2 hours ago
I think you mean old .ecc from pre-ECDH version of TeslaCrypt not .ccc..
jwhitted24 - 2 hours ago
I cannot thank everyone enough. One customer of ours has all his holiday pictures and videos from back to 2008 encrypted. We saved the drive just incase this was decrypted.
Time to get his data back!
wat679 - 2 hours ago
Amazing victory for everyone!!! I had my infected PC shelved and just waiting for this day - I knew it would come but I didn't imagine it to be in this manner of surrender... just wow! Keep up the good fight everyone on the defense and research side! What a good day for me and its going to be a good weekend as well :)
Thank you ESET and BloodDolly for persevering, without your determination this would not have been possible! Thank you Bleepingcomputer team for your support and delivering the good news!
Vinaka!!
Amigo-A - 1 hour ago
Great news! Thank you!