Bye-bye, TeslaCrypt: Grand finale

All files encrypted with TeslaCrypt ransomware can now be decrypted … thanks to its creators

Bye-bye, TeslaCrypt: Grand finale

According to the theory of probability, strange things have to happen every now and then: There is a small chance that a particular strange thing might happen and an infinite number of things or events that we would probably call strange. Sometimes these strange things are rather good — like, for example, the news that the cybercriminals behind the TeslaCrypt ransomware suddenly released the master key. Using that master key, anyone can decrypt the files that were encrypted by every version of TeslaCrypt. Just, wow.

Bye-bye, TeslaCrypt: Grand finale

It seems that for some reason the cybercriminals have decided to stop distributing TeslaCrypt — ransomware that was considered one of the worst so far of its kind. The distribution campaigns that used to bring TeslaCrypt to the victims switched to carrying CryptXXX instead (for which Kaspersky Lab has developed a cure).

Once the security researchers at ESET noticed that, they decided to use the TeslaCrypt’s TOR support site to ask if the cybercriminals would kindly release the master key … and they agreed. The now-defunct support site features the master key and notes “Project closed” and “we are sorry!”

http://www.bleepstatic.com/images/news/ransomware/t/teslacrypt/teslacrypt-closed/teslacrypt-closed.png

But for an average computer user, the key is of no use without some code. That’s why BleepingComputer user BloodDolly, who had previously tried to make decryption utilities for TeslaCrypt, has used the key to update his TeslaDecoder.

The utility is rather easy to use. To decrypt your files, you’ll have to enter the key, select the file extension that TeslaCrypt used to encrypt your files, and then choose the destination folder with encrypted files — or just allow the utility to scan your whole hard drive.

You can download BloodDolly’s TeslaDecoder from BleepingComputer.

The demise of TeslaCrypt is especially good news because the ransomware’s encryption methods were constantly evolving since its release in February 2015. We at Kaspersky Daily have covered three different versions of TeslaCrypt. Although the researchers were able to find the cure for the first one, they hadn’t managed to achieve the same result with the second and third versions. But with the release of the master key, it finally became possible.

Although cases in which criminals realize that they’ve done real harm to people and decide to change are rather rare, we hope this won’t be the last case of ransomware makers ceasing their bad works and trying to mend the damage they’ve done. There’s a lot of different ransomware and a small chance that at least one more cybercriminal will realize that they are doing harm. A lot of small chances sum into something bigger, so our hopes aren’t groundless.

Tips