Telecrypt ransomware has been cracked just two weeks after it first appeared.
MalwareBytes lab has found that the decryption method needs .NET to work and offers decryption with one file being sent for analysis.
“Telecrypt will generate a random string to encrypt the files that is between 10-20 length and only contain the letters vo,pr,bm,xu,zt,dq. Telecrypt encrypts files by looping through them a SINGLE byte at a time, and then simply adding a byte from the key in order. This simple encryption method allows a decryption application to be made,” Malwarebytes Labs explains.
Distribution methods include spam email, exploit kits and drive-by downloads. The ransom note and the GUI are both written in Russian. The malware is written in Delphi and researchers suggest that the creators of the ransomware are not showing any advanced skills.
Kaspersky labs has created a free decryption key and are heavily involved in NoMoreRansom which helps the victims of numerous other ransomware families decrypt their files.
Source: Security Week
MalwareBytes lab has found that the decryption method needs .NET to work and offers decryption with one file being sent for analysis. “Telecrypt will generate a random string to encrypt the files that is between 10-20 length and only contain the letters vo,pr,bm,xu,zt,dq. Telecrypt encrypts files by looping through them a SINGLE byte at a time, and then simply adding a byte from the key in order. This simple encryption method allows a decryption application to be made,” Malwarebytes Labs explains.
Distribution methods include spam email, exploit kits and drive-by downloads. The ransom note and the GUI are both written in Russian. The malware is written in Delphi and researchers suggest that the creators of the ransomware are not showing any advanced skills.
Kaspersky labs has created a free decryption key and are heavily involved in NoMoreRansom which helps the victims of numerous other ransomware families decrypt their files.
Source: Security Week
