Hey you,
BE IN THE KNOW!

35,000 ransomware infections per month and you still believe you are protected?

Sign up to receive:

  • alerts
  • news
  • free how-to-remove guides

of the newest online threats - directly to your inbox:


The End of TeslaCrypt – Master Decryption Key Available

teslacrypt-ransomware-master-decryption-keyTeslaCrypt ransomware has turned many users into victims. However, this ransomware story may be coming to its foreseeable end. According to an ESET researcher, the vicious file-encryption operation is now shut down. A free decryption key is available to anyone who wants to unlock their files.

TeslaCrypt Operators Make Master Decryption Key Public

The researcher says he made contact with the virus operators via the support channel on their website hosted on the Dark Web. The threat actors said they were shutting down TeslaCrypt. They even agreed to offer a master decryption key for victims.

The decryption key has been posted on the Dark Web page which was available for victims’ payments. The following message is attached to it:

Project closed. Master key for decrypt [KEY] Wait for other people make universal decrypt software. We are sorry!

Luckily, the master decryption key is suitable with TeslaCrypt version 3 and 4. Those versions are known to append a secondary file extension to encrypted files – .xxx, .ttt, .micro, .mp3.

For more information, visit our security forums

More about ESET TeslaCrypt Decrypter

Even though the master decryption key has been made public, ESET has already created a TeslaCrypt Decrypter.

Furthermore, BloodyDolly’s TeslaDecoder has also been upgraded to work with the decryption master key. According to multiple security researchers, TeslaCrypt’s infections have started to fade away. The intensity of spam campaigns spreading the virus has declined, too.

One logical question to be asked here is what led to the diminishment of the threat. It’s simple – the ransomware operators switched to developing another ransomware. CryptXXX.

From TeslaCrypt to CryptXXX

According to BC’s Lawrence Abrams, the cybercriminal group has shifted to CryptXXX. As to why – CryptXXX may have appeared to be the more profitable ransomware strain to “nurture”. However, it’s already been cracked by Kaspersky not once but twice (CryptXXX 1.0 and CryptXXX 2.0).

Here’s how to remove CryptXXX

In addition, white hats have been continuously working towards the breakdown of multiple ransomware families, such as Locky, which was recently “hacked” to distribute antivirus files instead of ransomware.

If the end is near for TeslaCrypt, CryptXXX, and Locky, what could be next?

Milena Dimitrova

An inspired writer, focused on user privacy and malicious software. Enjoys 'Mr. Robot' and fears '1984'.

More Posts - Website

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...
Please wait...

Subscribe to our newsletter

Want to be notified when our article is published? Enter your email address and name below to be the first to know.