TeslaCrypt Decryption Tool
Talos has developed a decryption tool to aid users whose files have been encrypted by TeslaCrypt ransomware. The Talos TeslaCrypt Decryption Tool is an open source command line utility for decrypting TeslaCrypt encrypted files so users’ files can be returned to their original state.
TeslaCrypt malware encrypts the victim’s files, such as photos, videos, documents, and saved game files, and demands a ransom from the victim within a time limit. If the victim pays the ransom, they can download a decryption key that will restore their files; otherwise the files are permanently lost.
Our decryption tool gives the victim the power to decrypt their files themselves, circumventing the ransomware.
Version 1.0 is able to decrypt all files encrypted by all versions of TeslaCrypt and AlphaCrypt:
- TeslaCrypt 0.x - Encrypts files using an AES-256 CBC algorithm
- AlphaCrypt 0.x - Encrypts files using AES-256 and encrypts the key with EC
- TeslaCrypt 2.x - Same as previous versions, but uses EC to create a weak Recovery key. The application is able to use factorization to recover the victim's global private key.
- TeslaCrypt 3 & 4 - The latest versions. Files can be decrypted thanks to the C&C server EC private key, which was recently released.
This application contains many improvements and modifications compared with TeslaDecrypter 0.5. Here is a complete list:
- Re-designed the decryption algorithm, now better handles big files and uses less memory
- Added support for the factorization algorithm (TeslaCrypt 2.x), which is able to reconstruct the victim's private key; it is written in plain C++ and is 50 times faster than its Python counterpart
- An algorithm able to manage and launch Msieve, and parse its log file
- Added support for TeslaCrypt 3.x and 4.x
- Added key verification algorithms (TeslaCrypt 2.x/3/4) - In this way the Decryptor can't produce invalid files
- Powerful command line arguments
- Imported leaked TeslaCrypt 3.x/4 C&C private key
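
The factorization recovery for TeslaCrypt 2.x and the key verification step listed above can be sketched as follows. This is an added example, not code from the Talos tool. It assumes the recovery value is the product of the victim's private key and another secret value, that the curve is secp256k1, and that the prime factors have already been produced by a factoring tool such as Msieve. All function names and sample values are constructed for illustration.

```python
from itertools import combinations
from math import prod

# secp256k1 field prime and base point (curve choice is an assumption of this sketch)
P = 2**256 - 2**32 - 977
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(a, b):
    """Add two affine points on y^2 = x^3 + 7; None is the point at infinity."""
    if a is None or b is None:
        return b if a is None else a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        m = 3 * x1 * x1 * pow(2 * y1, -1, P) % P   # tangent slope
    else:
        m = (y2 - y1) * pow(x2 - x1, -1, P) % P    # chord slope
    x3 = (m * m - x1 - x2) % P
    return x3, (m * (x1 - x3) - y1) % P

def ec_mul(k, point=G):
    """Double-and-add scalar multiplication."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, point)
        point = ec_add(point, point)
        k >>= 1
    return acc

def recover_private_key(factors, public_key):
    """Try each product of a subset of factors; keep the one that verifies."""
    seen = set()
    for r in range(1, len(factors) + 1):
        for subset in combinations(factors, r):
            cand = prod(subset)
            if cand in seen or cand.bit_length() > 256:  # too large to be a key
                continue
            seen.add(cand)
            if ec_mul(cand) == public_key:  # verification: reject wrong keys
                return cand
    return None

# Constructed sample: private key 3*7*7*104729, other secret 2*2*11*1299709
SAMPLE_PRIV = 3 * 7 * 7 * 104729
SAMPLE_FACTORS = [2, 2, 3, 7, 7, 11, 104729, 1299709]  # stands in for Msieve output
SAMPLE_PUB = ec_mul(SAMPLE_PRIV)
```

Because every candidate is checked against the known public key before it is accepted, a wrong divisor is never used for decryption, which is the property the key verification item describes.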