TeslaCrypt

upnorth

Jul 27, 2015
The Talos Security Intelligence and Research Group (Talos) reported on April 27, 2015 that they made a tool (TeslaDecrypt) that was able to decrypt the files encrypted by the TeslaCrypt ransomware. My question is... does this tool still work?

The tool is old by now but I'm still curious, so any member who is up for the challenge and has time for it, please feel free to test it and report back what happened.

Threat Spotlight: TeslaCrypt – Decrypt It Yourself

vrtadmin/TeslaDecrypt · GitHub

Also seen a tool on bleepingcomputer.com that's supposed to be effective for the newer TeslaCrypt versions. TeslaDecoder.
 

LabZero

It would be good to test this tool to see if it also works with new TeslaCrypt versions.

Reading the article, it is evident that the infected system must necessarily still contain a file called key.dat.
In this file, TeslaCrypt retains a variety of information used to encode files, and it is essential to the decoding task.

The key.dat file is stored inside the %appdata% Windows folder. In case the file was deleted or is not present, the recovery of your encrypted files will not be possible, at least using the TeslaDecrypt tool.

So I think it is therefore necessary to know whether the new ransomware versions still use the same mentioned file and then proceed with the test.
 
