TeslaCrypt

upnorth

Level 20
Joined
Jul 27, 2015
Messages
953
#1
The Talos Security Intelligence and Research Group (Talos) reported on April 27, 2015 that they made a tool (TeslaDecrypt) that was able to decrypt the files encrypted by the TeslaCrypt ransomware. My question is... does this tool still work?

The tool is old by now but I'm still curious, so any member who is up for the challenge and has time for it, please feel free to test it and report back what happened.

Threat Spotlight: TeslaCrypt – Decrypt It Yourself

vrtadmin/TeslaDecrypt · GitHub

Also seen a tool on bleepingcomputer.com that's supposed to be effective for the newer TeslaCrypt versions. TeslaDecoder.
 

LabZero

Guest
#2
It would be good to test this tool to see if it also works with new TeslaCrypt versions.

Reading the article, it is evident that the infected system must necessarily still contain a file called key.dat.
In this file, TeslaCrypt retains a variety of information used to encode files, and it is essential to the decoding task.

The key.dat file is stored inside the %appdata% Windows folder. If the file was deleted or is not present, the recovery of your encrypted files will not be possible, at least using the TeslaDecrypt tool.

So I think we therefore need to know whether the new ransomware versions still use the same file mentioned above, and then proceed with the test.
 
Joined
Feb 16, 2016
Messages
1
#3
I am having some problems with this malware called TeslaCrypt. It encrypts many different files. The virus encrypts drives and network shares. It is affecting the one network drive it connects to.