Hit by TeslaCrypt ransomware? Here’s the solution

Extortionists reveal master key to anti-virus researchers.

Hit by TeslaCrypt ransomware? Here's the solution

Too often stories about ransomware infections have unhappy endings.

On many occasions, home users and businesses find themselves in the distressing position of finding themselves with their files encrypted weighing up the rights and wrongs of paying Bitcoins to a gang of anonymous extortionists to recover their data.

So it’s good to share some good news, which should provide some cheer and hope to victims of versions of TeslaCrypt, one of the most notorious instances of ransomware.

Sign up to our free newsletter.
Security news, advice, and tips.

Teslacrypt master key

As researchers at ESET describe, the ransomware gang behind TeslaCrypt seems remarkably happy to help without demanding payment:

“One of ESET’s analysts contacted the group anonymously, using the official support channel offered to the ransomware victims by the TeslaCrypt’s operators, and requested the universal master decryption key.

Surprisingly, they made it public.

This allowed ESET to create a free decrypting tool promptly, which is able to unlock files affected by all variants of this ransomware.”

I don’t like to say much positive about cybercrime gangs, but it seems like on this occasion they provided some excellent customer service! And, by crikey, they even said sorry!

The smart folks at ESET were able to use the information provided to build a TeslaCrypt decryption tool (with a funky ANSI.SYS-style logo – nice work guys!)

Teslacrypt decryption tool

More details of the decryption tool can be found in this ESET support knowledgebase article.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

3 comments on “Hit by TeslaCrypt ransomware? Here’s the solution”

  1. Vito Tuxedo

    Well whaddya know…pigs can fly after all. ;)

  2. Thiha Han

    The cynic inside me offers an alternative scenario: these dudes have just written an even more vicious ransomware software, and so they're providing the key to this (now outdated) software just in case they're caught sometime in the future…and need some goodwill…

  3. Cihan

    hi, does anyone know a solution for locky extension files ?

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.