Master Key Brings Relief, Reverses TeslaCrypt Ransomware

Are you a victim of the particularly troublesome strain of ransomware called TeslaCrypt? Fret not: the malware authors have turned over a new leaf and released the decryption key that will enable you to recover all your encrypted files. The decryption key is free.

TeslaCrypt has been a particularly irksome strain of ransomware, used in massive campaigns that routinely target PC gamers and encrypt critical files on the victim's hard drive. The malware is typically distributed through phishing emails, corrupted websites and malvertising.

First detected in early 2015, the ransomware typically targeted gaming files such as user profiles, game saves, recorded replays and other files in game folders. The ransomware is limited to encrypting files below 268 MB. The second version of the ransomware demands a $500 ransom via an HTML page in a web browser. The most common victims of the ransomware were found in the USA, Germany and Spain.

In what is seen as a surprising turn, the authors and operators of the TeslaCrypt ransomware have decided to cease their malicious operation and to publicly release a universal master decryption key. The news is certain to come as a welcome relief for those who have fallen victim to the ransomware.

TeslaCrypt's operators announced the following on a Tor website, claiming that they're wrapping up their operations:

“Project closed! Master key for decrypt:440A241DD80FCC5664E861989DB716E08CE627D8D40C7EA360AE855C727A49EE. Wait for other people make universal decrypt software. We are sorry!”

Researchers at Slovakia-based security firm ESET have revealed that one of their in-house analysts contacted the malware group anonymously, via the official channel that the TeslaCrypt authors offer to the ransomware's victims. The analyst asked for the universal master decryption key and, lo and behold, the malware operators revealed the master key publicly.

ESET were quick to develop a decrypting tool, now available to download for free. The tool will restore all encrypted files with the extensions .xxx, .ttt, .micro and .mp3, as well as encrypted files whose extensions were left unchanged.

Other developers were quick to catch on, with GUI-rich decryptors developed and released, for free, for victims of the ransomware. A complete guide to using TeslaDecoder, a user-friendly decryptor for TeslaCrypt-encrypted files, is also available.

Image credit: BleepingComputer.