Free decryptor for Telecrypt released by Malwarebytes

Dirk41

Mar 17, 2016
Nathan Scott, a malware analyst for Malwarebytes, was able to crack the encryption system used by the Telecrypt ransomware, discovered two weeks ago by researchers from Kaspersky Lab.

The peculiar feature that made this threat unique was the ransomware's command and control (C&C) client-server communications channel, for which the operators chose to use the Telegram protocol, instead of HTTP or HTTPS like most ransomware does these days.

This made Telecrypt stand out, albeit its threat vector was low, since it only targeted Russian users with its first version, and only bothered showing the ransom note in Russia alone.


Telecrypt ransom note (via Kaspersky Lab)


You can get the Telecrypt ransomware decryptor created by Malwarebytes from this Box link.

Inside it you'll find two files: the decryptor itself and a text file with usage instructions. The decryptor's interface is self-explanatory, but make sure to read the usage instructions first.

The decryptor needs to run as the system administrator. In modern Windows versions, you can right-click it and select "Run as Administrator" from the drop-down menu. In older Windows versions you need to right-click the file, choose Properties, then the Compatibility tab, and select the "Run This Program As An Administrator" option.


Telecrypt Decryptor


To run the Telecrypt decryptor, victims need a good and an encrypted version of the same file, so the decryptor can determine the ransomware's encryption key.

You can find unencrypted versions of your files in email accounts, file syncing services (Dropbox, Box), or from older system backups if you made any.

After the decryptor finds the encryption key, it will then present the user with the option to decrypt a list of all encrypted files, or from one specific folder. Telecrypt keeps a list of all encrypted files at "%USERPROFILE%\Desktop\База зашифр файлов.txt".
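Why a good/encrypted pair of the same file can be enough to recover a key, as an added example that is not part of the original post and is not Malwarebytes' code. It assumes a constructed stand-in cipher (a short key added byte by byte and repeated); the article does not describe Telecrypt's actual algorithm, and all names and sample data here are hypothetical.

```python
# Added illustration. ASSUMPTION: a toy cipher that adds a repeating key to each
# byte (mod 256). The article does not state the real Telecrypt algorithm.

def toy_encrypt(data: bytes, key: bytes) -> bytes:
    """Constructed stand-in cipher: byte-wise addition of a repeating key."""
    return bytes((b + key[i % len(key)]) % 256 for i, b in enumerate(data))


def toy_decrypt(data: bytes, key: bytes) -> bytes:
    """Inverse of toy_encrypt: byte-wise subtraction of the repeating key."""
    return bytes((b - key[i % len(key)]) % 256 for i, b in enumerate(data))


def recover_key(good: bytes, encrypted: bytes) -> bytes:
    """Derive the repeating key from a known-good file and its encrypted copy."""
    if not good or len(good) != len(encrypted):
        raise ValueError("need a non-empty good/encrypted pair of equal length")
    # Subtracting plaintext from ciphertext leaves the key repeated end to end.
    stream = bytes((c - p) % 256 for p, c in zip(good, encrypted))
    # The key is the shortest prefix whose repetition reproduces the stream.
    # Require at least two full repetitions so the length is actually confirmed.
    for n in range(1, len(stream) // 2 + 1):
        if all(stream[i] == stream[i % n] for i in range(len(stream))):
            return stream[:n]
    raise ValueError("pair too short to confirm the key length; use a larger file")


if __name__ == "__main__":
    key = b"constructed-key"                       # constructed sample key
    good = b"Constructed sample document body. " * 3
    other = b"A second victim file, never seen in the clear."
    recovered = recover_key(good, toy_encrypt(good, key))
    print(recovered)
    print(toy_decrypt(toy_encrypt(other, key), recovered))
```

A pair that is too small never shows the key repeating, which is why the function refuses to guess instead of returning a truncated key that would corrupt larger files.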
 
