Attacks have reportedly increased by the eighth version of
TeslaCrypt. The ransomware itself has been reported to encrypt files with the
questionable .vvv extension as well as others. Some people believe that the encrypted files are coded by a powerful
RSA-2048 encryption algorithm; however, it is not known exactly how many and what algorithms have been used as well as their strength. What is even worse is that the
newest 8th variant of TeslaCrypt is so complicated that there is almost no way of decrypting the data in full.
We advise users to monitor
Cisco, Kaspersky and other big names focused partially on malware research since they have released
successful decryptors for the previous versions of TeslaCrypt.
Important: Otherwise users can try the old decryptors, but bear in mind that the chance is extremely low, because every version uses a different combination of file-encryption techniques and this one may have significantly improved its weak spots. However, on the other side, in case there are situations where files may have been encrypted with less powerful algorithms (by different variants), there may be little or no chance for users to decrypt some of their files. Before trying the decryptors, make sure you save a copy of the encrypted files on a USB stick or any other external device and then make sure you have removed this malware completely, or try decrypting them from a safe PC. In case you are using the file recovery tools, make sure you are offline, just in case.
Here is a web link on how to remove this malware before decrypting your data (it is Windows 10 based, but the same principle applies for other Windows versions as well):
http://sensorstechforum.com/forums/malware-removal-questions-and-guides/remove-malware-from-your-pc-completely/

Here are the decryptors:

The TeslaDecoder by BloodDolly
TeslaDecoder by BloodDolly -
http://www.dropbox.com/s/abcziurxly2380e/TeslaDecoder.zip?dl=0
Latest Changelog for TeslaDecoder here -
http://download.bleepingcomputer.com/BloodDolly/changelog.txt

The Talos TeslaCrypt Decryption Tool
Talos TeslaCrypt Decryption Tool by Cisco -
https://github.com/vrtadmin/TeslaDecrypt/tree/master/Windows

Also, here are the command lines for the Talos TeslaCrypt Decryption Tool:
/help – Show the help message
/key – Manually specify the master key for the decryption (32 bytes/64 digits)
/keyfile – Specify the path of the “key.dat” file used to recover the master key.
/file – Decrypt an encrypted file
/dir – Decrypt all the “.ecc” files in the target directory and its subdirs
/scanEntirePc – Decrypt “.ecc” files on the entire computer
/KeepOriginal – Keep the original file(s) in the encryption process
/deleteTeslaCrypt – Automatically kill and delete the TeslaCrypt dropper (note that the tool is also capable of killing its processes in case it's active)

EaseUS Data Recovery Wizard Free
Here is a free program which uses different methods to search through your computer and recover files that are even deleted beyond all saving. There is no guarantee that it will work, but some say they have recovered at least 10 percent of their files and some other files were partially broken. So in case you want to try it out, here is the download link for the tool:
http://www.easeus.com/datarecoverywizard/free-data-recovery-software.htm

Shadow Explorer
You may as well try running Shadow Explorer in case you have File History or backup enabled. You can download it from here, but note that TeslaCrypt may as well have malicious scripts that delete any backups and previous file versions. Here is the download link for Shadow Explorer:
http://www.shadowexplorer.com/downloads.html
Look for the latest version, and you may as well download the portable one since it saves you time.

This is as far as I can suggest; try it and reply whether or not you have been successful. Again, there is absolutely no guarantee that any of the methods are working, but we are talking about encrypted files here, after all, so it may be worth the try.

We urge users to let us know whether or not you have succeeded so that you assist us and other users by raising awareness of the weak spots of this malware.

Best Regards,
Never
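
The backup step advised in the post above (copy the encrypted files to external media before trying any decryptor), as an added example that is not part of the original post or of any tool it links to. The function names, the manifest file name and the paths are assumptions; the destination is assumed to lie outside the source tree, and the extension list holds only the two extensions the post mentions.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

# Extensions named in the post; extend for other variants (assumption).
ENCRYPTED_EXTS = (".vvv", ".ecc")

def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large files do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def backup_encrypted(src_root, dest_root, exts=ENCRYPTED_EXTS):
    """Copy files with the given extensions to dest_root, keeping the
    directory layout, and verify every copy against its original.
    Returns {relative_path: sha256}; raises if a copy does not match."""
    src_root, dest_root = Path(src_root), Path(dest_root)
    dest_root.mkdir(parents=True, exist_ok=True)
    manifest = {}
    for src in sorted(src_root.rglob("*")):
        if not src.is_file() or src.suffix.lower() not in exts:
            continue
        rel = src.relative_to(src_root)
        dst = dest_root / rel
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dst)  # copy only; originals are never modified
        digest = sha256_of(src)
        if sha256_of(dst) != digest:
            raise IOError(f"copy of {rel} does not match the original")
        manifest[rel.as_posix()] = digest
    # Manifest lets you confirm later that a decryptor ran on intact copies.
    lines = [f"{d}  {p}" for p, d in manifest.items()]
    (dest_root / "MANIFEST.sha256").write_text("\n".join(lines) + "\n")
    return manifest

if __name__ == "__main__":
    # Constructed sample tree standing in for a user profile and a USB stick.
    with tempfile.TemporaryDirectory() as tmp:
        src, usb = Path(tmp, "profile"), Path(tmp, "usb")
        (src / "docs").mkdir(parents=True)
        (src / "docs" / "report.docx.vvv").write_bytes(b"constructed sample")
        (src / "docs" / "notes.txt").write_bytes(b"not encrypted")
        for path, digest in backup_encrypted(src, usb).items():
            print(digest, path)
```

Run any decryptor against the copies or keep them untouched as the fallback; re-hashing against MANIFEST.sha256 shows whether a tool altered a file.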