Wolfenstein City - Community

The malware infects computers via the Angler Adobe Flash exploit.

Even though the ransomware claims that TeslaCrypt uses asymmetric encryption, researchers from Cisco’s Talos Group later found out that symmetric encryption is used and Cisco developed a decryption tool for it.

[url=http://www.pcworld.com/article/2915812/decryption-tool-available-for-teslacrypt-ransomware-that-targets-games.html]pcworld.com[/url] Apr 28, 2015 5:15 AM hat geschrieben:Some versions of TeslaCrypt store the encryption key in a file called key.dat on infected systems, but others delete it after they finish encrypting files and store an encrypted version of it in a different file called RECOVERY_KEY.TXT, the Cisco researchers said Monday in a blog post.

The researchers developed a tool that can decrypt files affected by TeslaCrypt if the master encryption key is still found in key.dat. Users should save a copy of this file as soon as they realize that their computers have been infected with TeslaCrypt so they can later use it with the Cisco tool.

The Cisco researchers are still working on reverse-engineering the algorithm used by attackers to restore the master encryption key based on the recovery key. If successful, this will allow them to also decrypt files from versions of TeslaCrypt that delete the master key from the key.dat file when the encryption operation is done.