#News #Tips

Decryption Tool for TeslaCrypt Ransomware Infection

If our readers can recall, in an earlier post we had discussed TeslaCrypt – what it is and what it does. This post has some important information related to recent findings from our Labs. Read on to know more.

First, a brief flashback!

TeslaCrypt belongs to the family of ransomware; it was detected in February 2015. Once inside the system, it starts looking for information including images, docs, spreadsheets, PowerPoint presentations, etc. However, unlike other ransomware, it also seeks out saved game files (replays, maps, configurations, profiles, etc.) on the infected computer. Once the files are found, the malware begins encrypting them (converting data into an unreadable form, which can only be read with the help of a private key). And to get this key, the victim has to pay a ransom.

Current Situation
Although downright evil and malicious, malware authors are ambitious. If you thought that the TeslaCrypt authors stopped working after creating the first version of this malware, then you would be wrong. The latest version of this malware, reportedly released in November 2015, is known as ‘v8’ or ‘v2.2.0’. While it is not certain how many variants of this malware have been spawned since its inception, the latest version clearly shows that the hackers have been keeping themselves busy.

The Quick Heal Threat Research Labs recently received reports of 60+ cases of TeslaCrypt infection. Fortunately, the encryption tool used by this particular variant is apparently weak and can be broken to reveal the key that is required for decrypting the locked data.

Below is a link to a free tool that can be used by those who fell victim to the latest TeslaCrypt infection and whose files were encrypted.

https://github.com/Googulator/TeslaCrack

Note:

• TeslaCrypt 2.0 infection can be recognized from the extension “.vvv” added to the names of the encrypted files.

• The recovery process takes a good amount of time so one needs to be patient; also, this tool does not guarantee the recovery of files in all cases.

A word of advice
The steps described for using this tool are not meant for novice users. So, if you are not sure about them, consider seeking assistance from a computer technician or a friendly neighbor who happens to be a computer geek.

To conclude, here are some safety measures to stay away from ransomware attacks:

  1. Never download attachments or click on links in emails received from unwanted or unexpected sources, even if the source looks familiar.
  2. Don’t respond to pop-up ads or alerts while visiting unfamiliar websites.
  3. Apply all necessary security updates to your OS, software, and Internet browsers. Always keep automatic updates ON.
  4. Have security software installed on your PC that efficiently blocks spam and malicious emails, and automatically restricts access to malicious websites.

And the most crucial step: take regular data backups. While doing this will not save you from a ransomware infection, it will certainly help you recover. Ransomware goes after your data, and then threatens you to pay up in exchange for the data. So, if you have a backup, then you are guarded against extortion – which is, in fact, the most important part here.

We will keep you posted if we come across any more important findings about TeslaCrypt or any of its nasty family members. Stay tuned to our blog, and stay safe!
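The “.vvv” marker from the note above and the backup advice can be combined into a quick triage of an affected machine: list every file carrying the extension and check whether a backup already holds the original, so that only the remainder needs the slower decryption route. The script below is an added example, not part of the original post or of the TeslaCrack project; the function names, the sample tree and the assumption that the backup mirrors the live folder layout are all hypothetical.

```python
import os
import tempfile
from collections import Counter

ENCRYPTED_EXT = ".vvv"  # extension named in the note above


def inventory(root, backup_root=None):
    """List .vvv files under root; flag those whose original exists in backup_root.

    Assumption: the backup keeps the same relative paths as the live tree.
    """
    entries, by_type = [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(ENCRYPTED_EXT):
                continue
            original = name[: -len(ENCRYPTED_EXT)]
            if not original:  # a file named just ".vvv" has no original name
                continue
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(os.path.join(dirpath, original), root)
            in_backup = bool(backup_root) and os.path.isfile(
                os.path.join(backup_root, rel))
            entries.append({"encrypted": path, "original": rel,
                            "size": os.path.getsize(path), "in_backup": in_backup})
            by_type[os.path.splitext(original)[1].lower() or "(none)"] += 1
    return entries, by_type


def demo():
    """Build a constructed sample tree (not real data) and inventory it."""
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = os.path.join(tmp, "live"), os.path.join(tmp, "backup")
        os.makedirs(os.path.join(live, "docs"))
        os.makedirs(os.path.join(backup, "docs"))
        for rel in ("docs/report.docx.vvv", "docs/photo.JPG.VVV",
                    "save1.sav.vvv", "notes.txt"):
            with open(os.path.join(live, rel), "wb") as f:
                f.write(b"constructed sample bytes")
        with open(os.path.join(backup, "docs", "report.docx"), "wb") as f:
            f.write(b"backup copy")
        return inventory(live, backup)


if __name__ == "__main__":
    found, types = demo()
    for e in found:
        action = "restore from backup" if e["in_backup"] else "needs decryption"
        print(f'{e["original"]:<20} {e["size"]:>6} bytes  {action}')
    print(dict(types))
```

The script only reads file names and sizes, so it can be run against a copy or a read-only mount of the affected disk.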
