The Talos Security Intelligence and Research Group (Talos) reported on April 27, 2015 that they made a tool (TeslaDecrypt) that was able to decrypt the files encrypted by the TeslaCrypt ransomware. My question is... does this tool still work?

The tool is old by now but I'm still curious, so any member who is up for the challenge and has time for it, please feel free to test it and report back what happened.

Threat Spotlight: TeslaCrypt – Decrypt It Yourself

vrtadmin/TeslaDecrypt · GitHub

Also seen a tool on bleepingcomputer.com that's supposed to be effective for the newer TeslaCrypt versions. TeslaDecoder.


It would be good to test this tool to see if it also works with new TeslaCrypt versions.

Reading the article, it is evident that the infected system must still contain a file called key.dat.
In this file, TeslaCrypt retains a variety of information used to encode files, and it is essential to the decoding task.

The key.dat file is stored inside the %appdata% Windows folder. If the file was deleted or is not present, recovery of your encrypted files will not be possible, at least using the TeslaDecrypt tool.

So I think we therefore need to know whether the new ransomware versions still use the same file, and then proceed with the test.