
*

never

  • Network Administrator and Malware Researcher
A new variant of TeslaCrypt Ransomware has reappeared on the radar. Security experts report that the variant extorts users for the sum of around 500 US dollars, uses a more sophisticated encryption technique and an RSA encryption algorithm. For those who do not know, if an RSA algorithm is very strong in bits, its decryption via a special decryptor is next to impossible and would take many years.

More information about TeslaCrypt 3.0

What is more, the ransomware may use a Trojan such as the Miuref.B variant, which is used to steal information about the user's system and antivirus protection in order to infect the computer without being detected.

N.B. This is an open topic about the TeslaCrypt 3.0 Ransomware. You may share your experience, ask for help, upload encrypted files in your reply so that experts can try and assist you and suggest methods and tools for decryption. We urge all users to provide as much information as possible in order to cooperatively establish a workaround and help affected users.



*

xilindra

Re: Restore Files Encrypted with .xxx .ttt and .micro File Extensions
« Reply #1 on: January 19, 2016, 06:22:59 pm »
Good afternoon.
Today my computer got infected and all my documents have been given the ".micro" extension. I have been looking into it but I am not able to decrypt them.  :'( :'( :'( :'( :'( :'(.

I would appreciate someone's help.

*

Execute

  • Your friendly neighbourhood IT guy
Re: Restore Files Encrypted with .xxx .ttt and .micro File Extensions
« Reply #2 on: January 20, 2016, 11:00:56 am »
Good day xilindra,

Did you check the article on our site - Remove TeslaCrypt 3.0 and Restore .micro Encrypted Files? Have you removed the virus with a security program?

You can send files locked with the ".micro" extension to idunn0@abv.bg email address. We will try to decrypt them.
We can't promise we will succeed, because the files are known to be encrypted with a very strong algorithm.

Kind Regards,
Execute

Re: Restore Files Encrypted with .xxx .ttt and .micro File Extensions
« Reply #3 on: January 27, 2016, 02:09:05 pm »
I have the same problem, it really makes me so desperate  :'(  so I formatted my system drive C:.
I did that because my files, docs etc. are on another drive, so it would be okay to format my system drive.
After that I think the malware has been removed from my PC,
but my files on drive D: are still corrupted and I can't open them; they are still named xxxx.xls.MICRO, xxxx.pdf.MICRO.
I have tried Kaspersky, Recuva, EaseUS Data Recovery, but they still don't make any change to my files.
Is there any solution to repair my files?

Thanks

*

Execute

Re: Restore Files Encrypted with .xxx .ttt and .micro File Extensions
« Reply #4 on: January 27, 2016, 02:26:23 pm »
@Arie Prasetyo, we understand your frustration. Send some encrypted files over at idunn0@abv.bg email address.
We will try to decrypt them and write back with results. So far we haven't succeeded with the decryption of such files, but we are experimenting.

Kind Regards,
Execute

Re: Restore Files Encrypted with .xxx .ttt and .micro File Extensions
« Reply #5 on: February 01, 2016, 11:13:22 am »
I have the same problem. The extension is .micro. I found on partition C: a file recover_file_qrskmtcru.txt which contains this:
1kjbjYubyKK52j33jZkYYW3w199zxE2L9
04FB78F674CA623F0C02DA28024588DF8EA404CA3612DACA845F2AD86B5C0D382B921D56AEF829999CA3A8028DFD9FAD995028D744FBC71D81E3CF94F7EE4C8DA3695845B33677E4666353B1F3F1CD8C10E9F14280642EADF0F080B02DF036A014
B205A5CECDF61A8
93
Is this a key useful for decryption?
Thank you

Re: Restore Files Encrypted with .xxx .ttt and .micro File Extensions
« Reply #6 on: February 02, 2016, 05:55:23 pm »
@EXECUTE: thanks for your attention, I sent an example file to your email.

*

Execute

Re: Restore Files Encrypted with .xxx .ttt and .micro File Extensions
« Reply #7 on: February 03, 2016, 11:33:47 am »
@paulpotirniche, thanks for the information - you might be right - it sure does look like some sort of key, but it can also be random letters / a bug or something else. I will check up on that with the team.

@Arie Prasetyo, no problem, file is received. I will keep you posted.

Best Regards,
Execute

*

di:cesare

Re: Restore Files Encrypted with .xxx .ttt and .micro File Extensions
« Reply #8 on: February 04, 2016, 09:48:47 am »
Hi,
To help solve this problem, I report my experience:

A friend of mine on 26/01 opened a mail (apparently coming from her friend) with a .ZIP file.
She also opened the .ZIP file (!) and after a little while all icons on the desktop disappeared (becoming white, like no program association).
Then she called me and I told her to cut off the PC power suddenly.
After that I came to her house and booted with a Linux distro, discovering the infection from TeslaCrypt.
Encrypted files were all with the .micro extension and every encrypted folder contained the two instruction files to remove the encryption.
In /Document&Settings/<user_name>/Desktop/ there were two files (here named: recover_file_ktvxckyvh and recover_file_rormkcdck) like in paulpotirniche's message.

Are they supposed to be the encryption key, or a temp file the virus program uses during the encryption process?
I hope :-)

If you want I can send some encrypted files and the two key files to your email.

Best regards

*

Execute

Re: Restore Files Encrypted with .xxx .ttt and .micro File Extensions
« Reply #9 on: February 04, 2016, 09:58:36 am »
@di:cesare,

Anything that can be of help in finding a solution to these nasty ransomware viruses is welcome!
Send the files to the idunn0@abv.bg email address.
We are trying to figure it out (whether it's still one of the keys), but it will take some time.

All the Best,
Execute

*

dvd83i

Re: Restore Files Encrypted with .xxx .ttt and .micro File Extensions
« Reply #10 on: February 04, 2016, 01:17:26 pm »
Hello everyone! I have the same issue and I've just sent an email to idunn0@abv.bg with three of a lot of other encrypted files! Thanks a lot!!

Davide

*

Marcodinardo

Re: Restore Files Encrypted with .xxx .ttt and .micro File Extensions
« Reply #11 on: February 05, 2016, 01:27:40 am »
Hi,
I have the same problem.
All my files have the extension .micro, but I have found 3 .txt files in the Documents folder:

recover_file_dfphhxqrr.txt
recover_file_hmoymagcn.txt
recover_file_lqnwjbbyd.txt

which contain:

1JmurZ1fyuG7pGtEB4wNRtdTnag8GQZL6U
04E94F16A9FF7BDDD5331D4F8F50B0A04A59DA5092949570351A65091C6FB1CCBA66637B68A60D8209446C9EA62E71B1142C361F18BEEDF1FC88F699266F169E0FFA8F2BA8B4DB0721FC94259608D63A0F757EE7EAEE6DAE5264015F0E9F7D8B61
69F6291D667228D
80

I'm really desperate  :'( :'( :'( :'(

I hope you can help me

I'll try to send you a copy of my file to the idunn0@abv.bg email address

thanks


*

Execute

Re: Restore Files Encrypted with .xxx .ttt and .micro File Extensions
« Reply #12 on: February 05, 2016, 10:30:13 am »
@dvd83i
Files received, we'll see what we can do.

@Marcodinardo
Ok, thanks for the info, now that we have 2 examples of the recover_file, it really appears to be 2 keys inside, used for the encryption process. We shall see if we can somehow use them in the recovery process, but I doubt they are left there by mistake... It looks like the virus creators are trying to leave a message or to mock us...

*

Tazzoli

Re: Restore Files Encrypted with .xxx .ttt and .micro File Extensions
« Reply #13 on: February 05, 2016, 08:51:09 pm »
Hi, we have the same problem, but the CPU where the virus was is a public service computer, so their files are very important and sensitive. I sent an e-mail with two files: one .micro and one txt "recover_file_ipomgruox".

Sorry for my bad english and thanks

*

bertoz

Re: Restore Files Encrypted with .xxx .ttt and .micro File Extensions
« Reply #14 on: February 07, 2016, 09:27:57 am »
Hi Execute,
I have the same problem with the .micro extension  :'(
I searched the web for solutions and tried different things, but they don't work  :'( (Shadow Explorer, Linux with decrypt.py, TeslaDecryptor, etc...)

I sent an email with my .micro files.
I hope for your answer.
thanks a lot