TeslaCrypt (ecc, ezz, exx, xyz, zzz, aaa, abc, ccc) Decryption Support Requests

That video has been posted before. I have been in contact with the company behind that software, and they confirmed it has to be installed before infection. It also appears to only grab the PrivateKeyFile, so it has to re-do its process anytime the computer is restarted while the infection is still running.

Yes, that happened because his yafu.ini tune was set like a Xeon running in a Linux 64 environment, totally incompatible with his hardware & system.The whole thing was rectified 11hs. ago. Thx Demonslay!

 

I'm afected with tesla virus. Please help me to decrypt my fyles. There is one of my afected file. .micro

There is no way of decrypting TeslaCrypt 3.0 .xxx, .ttt, .micro, or .mp3 variants at this time since they use a different protection/key exchange algorithm, a different method of key storage and the key for them cannot be recovered. Support for TeslaCrypt 3.0 is provided in this topic if you have further questions but there is no solution to fix your files.

• TeslaCrypt 3.0 .xxx, .ttt, .micro, .mp3 Support & Discussion

 

quietman7 is wrong. You can decrypt your files : https://www.sendspace.com/file/nmlg6v

quietman7 is wrong. You can decrypt your files : https://www.sendspace.com/file/nmlg6v

What are you insinuating by sending a Word document about a Shakespeare production? From your previous posts, you were hit by the .vvv variant, which is decryptable. Those with the .xxx, .ttt, .micro, or .mp3 are not decryptable without paying the ransom. I'm unsure the status of your factoring since it is not on factordb.com, but I can only assume you got the factors from VirusD then?

 

quietman7 is wrong. You can decrypt your files : https://www.sendspace.com/file/nmlg6v

What are you insinuating by sending a Word document about a Shakespeare production? From your previous posts, you were hit by the .vvv variant, which is decryptable. Those with the .xxx, .ttt, .micro, or .mp3 are not decryptable without paying the ransom. I'm unsure the status of your factoring since it is not on factordb.com, but I can only assume you got the factors from VirusD then?

 

@Demonslay335 : look at post 1971

- Added support for TeslaCrypt 3.0.0 encrypted files (.xxx, .ttt, .micro).
...
I am still working on the solution how to recover one of the keys listed above, but currently there is no solution.

@All
The current state of decryption of TeslaCrypt 3 (.xxx, .ttt, .micro) is still the same, we can't recover any of the 7 private keys right now....

@quietman7

Look at post 1971

@quietman7

Also you can look at post 1848 and look there : https://www.sendspace.com/file/rhcf3s

 @ quietman7

Look a this PM, its interesting no ?

I really would like to understand what's going on.

Yes, i know, it's far away from me all that could happen behind a private chat between members/masters/guests..., it's ok, but why to expose that chat here?

I would like to know if we can start to help the victims of TC3.0....or, what's going on?

@HLR7594

I really would like to understand what's going on.

Yes, i know, it's far away from me all that could happen behind a private chat between members/masters/guests..., it's ok, but why to expose that chat here?

 

I would like to know if we can start to help the victims of TC3.0....or, what's going on?

 

yeah,exactly 

@HLR7594:

Demonslay335 didn't want to infect you, he just used wrong site for file sharing.
I reuploaded that package to sendspace. Here is the link https://www.sendspace.com/file/b67cig

Hi all!

Is it now possible to decrypt v3 .micro, .mp3?

Another thing: I have got one computer with .mp3 infection. I took away network connection. I found exe virus. If I run it, it encrypts all my new files...so...where does it stores the private key, if it does not have internet connection?

Is it possible to get it out the RAM when the virus is running?

Edited by viljemt, 20 February 2016 - 06:31 AM.