Hey you,
BE IN THE KNOW!

35,000 ransomware infections per month and you still believe you are protected?

Sign up to receive:

  • alerts
  • news
  • free how-to-remove guides

of the newest online threats - directly to your inbox:


Decrypt Files Encrypted by TeslaCrypt Ransowmare using TeslaDecoder

teslacrypt-decryption-senosrstechforumWhen TeslaCrypt ransomware was first released, it started infecting users with a “bang”. The virus had multiple variants which suggested that it may have been used by more than one hacking teams. Fortunately, a decryptor has been released for free for TeslaCrypt ransomware, which is why we have decided to create instructions and hence simplifies the user into decrypting files encoded by the TeslaCrypt ransomware. Due to its many variants, the decryptor, kindly created by the malware researcher BloodDolly works with the master key released into the public and affected users can now decrypt their files. The decryptor is called TeslaDecoder and in this article, we will show you how to effectively decrypt TeslaCrypt files.

TeslaCrypt Ransomware – A Bit of Background

TeslaCrypt’s latest 3.0 and 4.0 versions have made a lot of money to their creators by encrypting files with a very strong encryption algorithm. Researchers believe that the current algorithm used by the latest version of TeslaCrypt is a very strong RSA cipher. Unlike the 3rd version, the 4th version of TeslaCrypt force-restarts the computer of the user to begin encrypting a wide variety of often used file types.

However the good news is that the following master decryption key was released for the many variants (.xxx, .ttt, .jpg, .mp3, .exx, .ezz, .ecc, .micro) of TeslaCrypt ransomware:

440A241DD80FCC5664E861989DB716E08CE627D8D40C7EA360AE855C727A49EE

This pushed researchers into creating a working decryptor, named TeslaDecoder. Below we will show you how to decode your files using it.

Decrypting Files Encrypted by TeslaCrypt Ransomware

We have decided to separate this decryption process in two stages – preparation and decryption, to make the process effective and efficient. Here are the instructions:

Preparation Stage

Just in case this process takes some time for your computer, to complete and you happen to be busy with other activities while decryption commences, we have left instructions on how to disable automatic hibernation and shutdown on your computer:

Step 1: Click on the battery icon in your system tray (next to the digital clock) in Windows and then click on More Power Options.
Step 2: The Power Options menu will appear. In your power plan click on Change Plan Settings.
Step 3: In your plan’s settings make sure you set “Turn off the display” and “Put computer to sleep” to “Never” from the drop down minutes menu.
Step 4: Click on “Change Advanced Plan Settings” and click to expand the “Hard Disk” option in the list there.
Step 5: From there, set the power settings (On Battery and Powered On) to “Never”.

Decryption Stage

To decode files, you should first download the TeslaDecoder tool, by clicking on the button below:

Download

Tesla Decoder

After downloading the software, you should see it as a .ZIP file. It is an archive file. You should download WinRar software or use the built-in zip reader of Windows to open it and extract the “TeslaDecoder” somewhere you can easily open it:

1-tesladecoder-zip-file-sensorstechforum
2-tesla-decoder-extract-sensorstechforum

As soon as you have extracted the folder, open it. In it locate and open TeslaDecoder.exe file:

3-tesladecoder-sensorstechforum-exe-file

After you have opened it, you should see the below posted screen. From there, click on the “Set Key” button:

4-tesladecoder-teslacrypt-set-key-sensorstechforum

After you do this, a sub-menu will appear with a drop-down list of the variants of TeslaCrypt. Choose your variant after which click on the “Set Key” button and this sub-menu shall close:

5-tesladecoder-teslacrypt-version-sensorstechforum

From there you have several options:

  • Decrypt Folder – specify a folder to decode.
  • Decrypt All – decrypt all files of this variant. (overwrites the encrypted files – backup is recommended)
  • Decrypt List – decrypt files from a pre-set file list.

In case you did not choose to overwrite your files, the decoder will save them in a backup copy under the .TeslaDecoder extension.

Conclusion

Since the risk of you having TeslaCrypt still on your computer, we recommend you decrypt the files from a safe computer, or secure your computer for the moment and the future as well. This is the reason we have created several steps to help you secure your computer and at the same time stay protected from ransomware in the future as well:

Step 1: Make sure to read our general protection tips and try to make them your habit and educated others to do so as well.
Step 2: Install an advanced anti-malware program that has an often updated real-time shield definitions and ransomware protection.

Download

Malware Removal Tool


Spy Hunter scanner will only detect the threat. If you want the threat to be automatically removed, you need to purchase the full version of the anti-malware tool.Find Out More About SpyHunter Anti-Malware Tool / How to Uninstall SpyHunter

Step 3: Seek out and download specific anti-ransomware software which is reliable.
Step 4: Backup your files using one of the methods in this article.

Unfortunately for many users, these methods somehow may not work with TeslaCrypt’s .vvv variant.

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.

More Posts - Website

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...
Please wait...

Subscribe to our newsletter

Want to be notified when our article is published? Enter your email address and name below to be the first to know.