Decryption Tool for TeslaCrypt Ransomware Infection

If our readers can recall, in an earlier post we discussed TeslaCrypt, what it is and what it does. This post has some important information related to recent findings from our Labs. Read on to know more.

First, a brief flashback!

TeslaCrypt belongs to the family of ransomware; it was first detected in February 2015. Once inside the system, it starts looking for data including images, docs, spreadsheets, PowerPoint presentations, etc. However, unlike other ransomware, it also seeks out saved game files (replays, maps, configurations, profiles, etc.) on the infected computer. Once the files are found, the malware begins encrypting them (converting the data into an unreadable form, which can only be read back with the help of a private key). And to get this key, the victim has to pay a ransom.

Current Situation
Malware authors may be downright evil and malicious, but they are also ambitious. If you thought that the TeslaCrypt authors stopped working after creating the first version of this malware, you would be wrong. The latest version of this malware, reportedly released in November 2015, is known as ‘v8’ or ‘v2.2.0’. While it is not certain how many variants of this malware have been spawned since its inception, the latest version clearly shows that the hackers have been keeping themselves busy.

Quick Heal Threat Research Labs recently received reports of 60+ cases of TeslaCrypt infection. Fortunately, the encryption used by this particular variant is weak and can be broken to reveal the key that is required for decrypting the locked data.

Below is a link to a free tool for those whose files were encrypted by the latest TeslaCrypt infection.

https://github.com/Googulator/TeslaCrack

Note:
• TeslaCrypt 2.0 infection can be recognized from the extension “.vvv” added to the names of the encrypted files.
• The recovery process takes a good amount of time, so one needs to be patient; also, this tool does not guarantee the recovery of files in all cases.
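Before running any recovery tool, it helps to know how many files were hit and of which kinds. The following triage script is an added example, not code from the original post or from the TeslaCrack project: it walks a directory and inventories files carrying the “.vvv” marker described in the note above, grouping them by their original extension, without opening the encrypted contents. The directory tree and file names it creates are constructed for the demonstration.

```python
import os
import tempfile
from collections import Counter

# TeslaCrypt 2.0 appends this extension to every file it encrypts (see the note above).
TESLACRYPT_MARKER = ".vvv"

def inventory_encrypted_files(root):
    """Walk `root`; return (sorted list of .vvv file paths, Counter of original extensions).
    Only the appended marker is inspected, so file contents are never read."""
    encrypted = []
    by_original_ext = Counter()
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            if not name.lower().endswith(TESLACRYPT_MARKER):
                continue
            encrypted.append(os.path.join(dirpath, name))
            stripped = name[:-len(TESLACRYPT_MARKER)]       # name before the marker was added
            _, original_ext = os.path.splitext(stripped)
            by_original_ext[original_ext.lower() or "<none>"] += 1
    return sorted(encrypted), by_original_ext

def original_name(encrypted_path):
    """Name the file should get back once a recovery tool restores it."""
    base = os.path.basename(encrypted_path)
    if base.lower().endswith(TESLACRYPT_MARKER):
        return base[:-len(TESLACRYPT_MARKER)]
    return base

def build_sample_tree():
    """Create a constructed directory tree resembling an infected user profile (not real data)."""
    root = tempfile.mkdtemp(prefix="teslacrypt_demo_")
    samples = ["Documents/report.docx.vvv", "Documents/budget.xlsx.vvv",
               "Pictures/holiday.jpg.vvv", "Pictures/readme.txt", "Games/save01.sav.vvv"]
    for rel in samples:
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"placeholder bytes, not real ciphertext")  # constructed content
    return root

if __name__ == "__main__":
    demo_root = build_sample_tree()
    files, counts = inventory_encrypted_files(demo_root)
    print(f"{len(files)} encrypted files found under {demo_root}")
    for ext, n in counts.most_common():
        print(f"  {ext}: {n}")
```

Point the script at a copy of the affected volume when possible, so the inventory itself never touches the originals.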

A word of advice
The steps described for using this tool are not meant for novice users. So, if you are not sure about them, consider seeking assistance from a computer technician or a friendly neighbor who happens to be a computer geek.

To conclude, here are some safety measures to stay away from ransomware attacks:

  1. Never download attachments or click on links in emails received from unwanted or unexpected sources, even if the source looks familiar.
  2. Don’t respond to pop-up ads or alerts while visiting unfamiliar websites.
  3. Apply all necessary security updates to your OS, software, and Internet browsers. Always keep automatic updates ON.
  4. Have security software installed on your PC that efficiently blocks spam and malicious emails, and automatically restricts access to malicious websites.

And the most crucial step: while it will not save you from a ransomware infection, it will certainly help you recover. Take regular data backups. Ransomware goes after your data and then threatens you into paying up in exchange for it. So, if you have a backup, you are guarded against the extortion, which is, in fact, the most important part here.

We will keep you posted if we come across any more important findings about TeslaCrypt or any of its nasty family members. Stay tuned to our blog, and stay safe!

Rajiv Singha

23 Comments
Jayant D Kogekar
5 years ago

I had written about this to the Quick Heal support team a few days ago.
Unfortunately there was no reply.
I had to format my PC to get out of the situation.
Hopefully this article of yours would help, if someone in my contacts faces the same problem.

Rajib Singha
Admin
5 years ago

Hi Jayant,

Thanks for writing in. We are regretful that we could not come to your aid on time. We have shared your feedback with our team.

Regards,

BOMAN E AMARIA
5 years ago

Team QuickHeal, thanks, my PC is safe. But while copying docs from the PC into a folder on my pen drive for printing outside, all docs in that folder got corrupted due to infection. I can neither open nor delete them. I was advised to format the pen drive. Now, most UNUSUAL, your QuickHeal on my PC as well as at the printing place does NOT DETECT the infection; the next time, printing from another folder with the same vendor, another 3-4 docs got corrupted and I was not able to delete them. Since I am in Pune Camp I can bring over the infected pen drive for your investigation. Since it is something unique…

Rahul Thadani
Admin
5 years ago
Reply to BOMAN E AMARIA

Hi Boman,

Thank you for sharing your experience. We suggest that you contact our technical support team. They will gladly look into this and provide you with instructions on what to do next. You can reach them here – https://www.quickheal.co.in/submitticket.

Regards.

sahil baviskar
5 years ago

Actually this is not a comment but a question. A few days ago I unintentionally downloaded a piece of software from a site that was unknown to me, since I was surfing in search of an e-book. In that case it got downloaded by me because I thought that it would help me, but it was useless. Now the problem is that whenever I open my web browser, viz. Chrome or Mozilla, a search engine named “yousearching.com” displays its window and also a green colour border appears surrounding the browser. What should I do? Please, I need the…

Rahul Thadani
Admin
5 years ago
Reply to sahil baviskar

Hi Sahil,

Please see this post for instructions on how to reset your browser. That will resolve this issue. If the problem persists, please contact our technical support team. They will gladly assist you with this. You can reach them here – https://www.quickheal.co.in/submitticket.

Regards.

KAMENDRA,My
5 years ago

Dear Sir,

My system is infected with cryptolocker; all the xl, word, pdf etc. files changed to an unknown format. Please help.

Regards,
Kamendra

Rahul Thadani
Admin
5 years ago
Reply to KAMENDRA,My

Hi Kamendra,

May we request you to contact our technical support team. They will help you resolve this issue as soon as possible. You can reach them here – https://www.quickheal.co.in/submitticket.

Regards.

agrawal pharmaceuticals
5 years ago

I lost my product key.

Rajib Singha
Admin
5 years ago

Hi,

Kindly visit the link given below to retrieve your lost product key:

http://www.quickheal.com/lost

Regards,

Nageswara Rao
5 years ago

Hello

Is there any solution to decrypt the files affected with cryptowall ransomware?

Rahul Thadani
Admin
5 years ago
Reply to Nageswara Rao

Hi Nageswara,

May we request you to contact our technical support team. They will help you resolve this issue as soon as possible. You can reach them here – https://www.quickheal.co.in/submitticket.

Regards.

kelly kelvin
5 years ago

Very, very helpful.

Sharad Kumar Jain
5 years ago

I have a subscription of Total Security since 03/11/2011 with validity till 03/01/2019. It works wonderfully, but for a few days it has been unable to take updates. I called Customer Care for the same problem. It was suggested to download the updates. I did the same, but Quick Heal is not updating itself or manually. The last database is of 12 Dec 2015.
Please suggest and rectify the problem.

Rahul Thadani
Admin
5 years ago

Hi Sharad,

May we request you to contact our technical support team. They will help you resolve this issue as soon as possible. You can reach them here – https://www.quickheal.co.in/submitticket.

Regards.

daljit
5 years ago

Good.

Om jain
5 years ago

I want to advise you not to download anything from softanic because it contains malware.

ketan
4 years ago

My computer is infected with cryptowall, please help me.

MD ABDUR RAHMAN
4 years ago

Dear Sir,

My system is infected with Cerber2; all the video, images, xl, word, pdf etc. files changed to cerber2 format. Please help.

Regards,
MD ABDUR RAHMAN

danish
4 years ago

Hi,
My PC is infected by cerber ransomware; my jpegs, pdf & documents were converted to the .B2ed extension. Please help me. I have been using Quick Heal since last year.
