Discussion in 'Malware Analysis Archive' started by upnorth, Dec 4, 2015.

  1. upnorth

    upnorth Level 14

    Jul 27, 2015
    The Talos Security Intelligence and Research Group (Talos) reported on April 27, 2015 that they made a tool (TeslaDecrypt) that was able to decrypt the files encrypted by the TeslaCrypt ransomware. My question is... does this tool still work?

    The tool is old by now but I'm still curious, so any member who is up for the challenge and has time for it, please feel free to test it and report back what happened.

    Threat Spotlight: TeslaCrypt – Decrypt It Yourself

    vrtadmin/TeslaDecrypt · GitHub

    Also seen a tool on bleepingcomputer.com that's supposed to be effective for the newer TeslaCrypt versions. TeslaDecoder.
  2. LabZero

    LabZero Guest

    It would be good to test this tool to see if it also works with new Tesla Crypt versions.

    Reading the article, it is evident that the infected system must necessarily still contain a file called key.dat.
    In this file, Tesla Crypt retains a variety of information used to encode files and it's essential to the decoding task;

    the key.dat file is stored inside the %appdata% Windows folder. In case the file was deleted or not present, the recovery of your encrypted files will not be possible, at least using the Tesla Decrypt tool.

    So I think it's therefore necessary to know whether the new ransomware versions still use the same mentioned file and then proceed with the test.
  3. Rituraj Borah

    Rituraj Borah New Member

    Feb 16, 2016
    I am having some problem with this malware called Teslacrypt. It encrypts many different files. The virus encrypts drives, network shares. It is affecting the one network drive it connects to.
  4. hjlbx

    hjlbx Guest

    Open a thread about your infection here: Malware Removal Assistance

    You will receive malware removal assistance from @TwinHeadedEagle .

    NOTE: The process of online assisted malware removal takes time - up to a few days.

    It requires persistence and patience, but the reward is a disinfected system.
  5. upnorth

    upnorth Level 14

    Jul 27, 2015