TeslaCrypt Maker 'Sorry,' Releases Master Key

Victims of the TeslaCrypt ransomware have a new hope. The developers of the nefarious malware strain have apparently shut down operations and released a master key that will unlock all encrypted files on computers infected by the latest versions of TeslaCrypt.

Credit: BestPhotoStudio/Shutterstock

(Image credit: BestPhotoStudio/Shutterstock)

"Project closed," one of the developers said in a posting on the TeslaCrypt Dark Web site. "Master key for decrypt: 440A241DD80FCC5664E861989DB716E08CE627D8D40C7EA360AE855C727A49EE. Wait for other people make universal decrypt software. We are sorry!"

That note was prompted by a question from a researcher from Slovak antivirus firm ESET, who had noticed that TeslaCrypt operations seemed to be winding down in recent weeks.

Using the master key, ESET has created a decryptor tool that is available for download, with detailed instructions, from the ESET website. Another TeslaCrypt decoder with an easier-to-use interface has been posted on the Bleeping Computer website.

MORE: How Can I Protect Myself from Ransomware?

TeslaCrypt first appeared in early 2015 and initially targeted players of PC games, locking up game files and demanding $500 in Bitcoin to release the decryption keys. It later became more generalized, attacking all sorts of PC users. Infection generally came via corrupted websites, malvertising or email attachments.

TeslaCrypt was also added to the Angler and Nuclear browser exploit kits, prepackaged troves of malware that hit browsers with one attack after another. Versions 1 and 2 of TeslaCrypt had flaws that were discovered and exploited by antivirus researchers, but versions 3 and 4 were much better. 

ESET's decryptor tool works against both of the latter versions, unlocking files that were given the extensions .xxx, .ttt, .micro or .mp3, as well as those files that had the original file extensions unchanged.

This isn't the first time a ransomware developer or distributor has had a change of heart. In June, the apparent creator of the Locker ransomware suddenly unlocked all the computers that had been infected, possibly because he'd made enough money over the eight days that Locker was active.

"I'm sorry about the encryption, your files are unlocked for free," he wrote in a note. "Be good to the world and don't forget to smile."

Likewise, Bleeping Computer's Lawrence Abrams noted that the distributors of TeslaCrypt, who may be separate from the ransomware's developers, had moved on to distributing the newer CryptXXX ransomware.

Fortunately, CryptXXX has been cracked at least twice, most recently by Kaspersky Labs, which has its own CryptoXXX decryptor tool available for download. Bitdefender has a generic ransomware-decryption tool that periodically adds new updates.

Ransomware has lately become the malware of choice for cybercriminals. It's guaranteed to generate substantial returns, as the victims often include hospitals, small-town police departments or educational facilities that can't afford to lose valuable data on patients, ongoing criminal cases or students.

For those victims, paying $500 or $1,000 in Bitcoin is a lot easier than hiring an outside consulting firm to try to recover the data, a task made nearly impossible if the ransomware's encryption is implemented correctly. Even backup drives are often encrypted if the drives are permanently connected to the main system.

However, most ransomware attacks exploit well-known software flaws, or use easy-to-spot email scams. So keep your software patched and don't click to open resumes, invoices or shipping invoices in emails you're not expecting. And don't forget to install and run robust antivirus software.

TOPICS
Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.

Latest in Online Security
A person on a laptop converting a PDF to a DOC
FBI issues warning over free online file converters that infect your PC with malware
A hacker typing quickly on a keyboard
New MassJacker malware is hijacking digital wallets to steal large sums from users
A woman using her laptop securely with a cup of coffee in hand
5 common mistakes people make when shopping for antivirus software
Windows
240 million Windows 10 users are vulnerable to six different hacker exploits — protect yourself now
Victims of Identity Theft
FTC says Americans lost $12 billion to scams last year and these were the worst ones — here's how to stay safe
Apple iPhone 16 Plus Review.
Apple just released an emergency security update for a flaw used in an ‘extremely sophisticated attack’ — update your devices right now
Latest in News
A person on a laptop converting a PDF to a DOC
FBI issues warning over free online file converters that infect your PC with malware
The Find my People feature
Android Find My can now track your friends and family — here's how to use it
Foldable iPhone concept image
Are you sitting down? Here’s what the foldable iPhone could cost
Samsung HW-Q990D soundbar
Samsung’s flagship 2024 soundbar just got bricked by a new firmware update — don’t update
A hacker typing quickly on a keyboard
New MassJacker malware is hijacking digital wallets to steal large sums from users
Owen Cooper as Jamie Miller in Adolescence
'Adolescence' is a gripping new Netflix show that's already hit No. 1 — and it’s 100% on Rotten Tomatoes