TeslaCrypt Maker 'Sorry,' Releases Master Key

Share

• Copy link
• Facebook
• X
• Whatsapp
• Reddit
• Pinterest
• Flipboard
• Email

Share this article

Join the conversation

Follow us

Add us as a preferred source on Google

Newsletter

Get the Tom's Guide Newsletter

Here at Tom’s Guide our expert editors are committed to bringing you the best news, reviews and guides to help you stay informed and ahead of the curve!

Become a Member in Seconds

Unlock instant access to exclusive member features.

Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors

---

By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.

You are now subscribed

Your newsletter sign-up was successful

---

Want to add more newsletters?

Daily (Mon-Sun)

Tom's Guide Daily

Sign up to get the latest updates on all of your favorite content! From cutting-edge tech news and the hottest streaming buzz to unbeatable deals on the best products and in-depth reviews, we’ve got you covered.

Signup +

Weekly on Thursday

Tom's AI Guide

Be AI savvy with your weekly newsletter summing up all the biggest AI news you need to know. Plus, analysis from our AI editor and tips on how to use the latest AI tools!

Signup +

Weekly on Friday

Tom's iGuide

Unlock the vast world of Apple news straight to your inbox. With coverage on everything from exciting product launches to essential software updates, this is your go-to source for the latest updates on all the best Apple content.

Signup +

Weekly on Monday

Tom's Streaming Guide

Our weekly newsletter is expertly crafted to immerse you in the world of streaming. Stay updated on the latest releases and our top recommendations across your favorite streaming platforms.

Signup +

---

Join the club

Get full access to premium articles, exclusive features and a growing list of member rewards.

Explore

---

An account already exists for this email address, please log in.

Subscribe to our newsletter

Victims of the TeslaCrypt ransomware have a new hope. The developers of the nefarious malware strain have apparently shut down operations and released a master key that will unlock all encrypted files on computers infected by the latest versions of TeslaCrypt.

"Project closed," one of the developers said in a posting on the TeslaCrypt Dark Web site. "Master key for decrypt: 440A241DD80FCC5664E861989DB716E08CE627D8D40C7EA360AE855C727A49EE. Wait for other people make universal decrypt software. We are sorry!"

That note was prompted by a question from a researcher from Slovak antivirus firm ESET, who had noticed that TeslaCrypt operations seemed to be winding down in recent weeks.

Using the master key, ESET has created a decryptor tool that is available for download, with detailed instructions, from the ESET website. Another TeslaCrypt decoder with an easier-to-use interface has been posted on the Bleeping Computer website.

MORE: How Can I Protect Myself from Ransomware?

TeslaCrypt first appeared in early 2015 and initially targeted players of PC games, locking up game files and demanding $500 in Bitcoin to release the decryption keys. It later became more generalized, attacking all sorts of PC users. Infection generally came via corrupted websites, malvertising or email attachments.

TeslaCrypt was also added to the Angler and Nuclear browser exploit kits, prepackaged troves of malware that hit browsers with one attack after another. Versions 1 and 2 of TeslaCrypt had flaws that were discovered and exploited by antivirus researchers, but versions 3 and 4 were much better. 

ESET's decryptor tool works against both of the latter versions, unlocking files that were given the extensions .xxx, .ttt, .micro or .mp3, as well as those files that had the original file extensions unchanged.

This isn't the first time a ransomware developer or distributor has had a change of heart. In June, the apparent creator of the Locker ransomware suddenly unlocked all the computers that had been infected, possibly because he'd made enough money over the eight days that Locker was active.

"I'm sorry about the encryption, your files are unlocked for free," he wrote in a note. "Be good to the world and don't forget to smile."

Likewise, Bleeping Computer's Lawrence Abrams noted that the distributors of TeslaCrypt, who may be separate from the ransomware's developers, had moved on to distributing the newer CryptXXX ransomware.

Fortunately, CryptXXX has been cracked at least twice, most recently by Kaspersky Labs, which has its own CryptoXXX decryptor tool available for download. Bitdefender has a generic ransomware-decryption tool that periodically adds new updates.

Ransomware has lately become the malware of choice for cybercriminals. It's guaranteed to generate substantial returns, as the victims often include hospitals, small-town police departments or educational facilities that can't afford to lose valuable data on patients, ongoing criminal cases or students.

For those victims, paying $500 or $1,000 in Bitcoin is a lot easier than hiring an outside consulting firm to try to recover the data, a task made nearly impossible if the ransomware's encryption is implemented correctly. Even backup drives are often encrypted if the drives are permanently connected to the main system.

However, most ransomware attacks exploit well-known software flaws, or use easy-to-spot email scams. So keep your software patched and don't click to open resumes, invoices or shipping invoices in emails you're not expecting. And don't forget to install and run robust antivirus software.

• Identity Theft Victim? Here's 6 Things You Need to Do
• How to Protect Yourself from Tech-Support Scams
• 12 Computer-Security Mistakes You're Probably Making