to Bleeping Computer.
You are dealing with a newer variant of TeslaCrypt/Alpha Crypt
Any files that are encrypted with the newer variant of TeslaCrypt
will have the .exx
extension appended to the end of the filename. The .aaa/.abc/.ccc variant drops files (ransom notes) with names like Recovery_File_*****.html, Recovery_File_*****.txt, restore_files_*****.html, restore_files_*****.txt, HOWTO_RESTORE_FILES_*****.txt, HOWTO_RESTORE_FILES_*****.html, HOWTO_RESTORE_FILES_*****.bmp (where ***** are random characters) and pretends to be CryptoWall 3.0
A repository of all current knowledge regarding TeslaCrypt
, Alpha Crypt
and newer variants is provided by Grinler
(aka Lawrence Abrams
), in this topic: TeslaCrypt and Alpha Crypt Ransomware Information Guide and FAQ
Information about and support for decrypting files affected by Alpha Crypt & TeslaCrypt ransomware can be found in this topic:TeslaDecoder released to decrypt .EXX, .EZZ, .ECC files encrypted by TeslaCrypt
TeslaCrypt includes several known versions and extension variants to include: .ecc, .ezz, .exx, .zzz, .xyz, .aaa, .abc, .ccc. Earlier variants stored the private key as data files on the local disk which enabled victims to decrypt their files with the locally stored private key using Cisco's Talos Group decryptor tool for TeslaCrypt
or BloodDolly's TeslaDecoder
. However, if that key was destroyed or removed there is no way to decrypt/recover the data.
Unfortunately there is no way to decrypt the newer TeslaCrypt variants
(.xyz, .zzz, .aaa, .abc, .ccc) without Tesla's private key. These variants no longer store any data files on the local disk and information stored in the registry as binary data only contains public keys and each shared secret.
BloodDolly, Post #123
Unfortunately there is no way how to decrypt .xyz, .zzz, and .aaa variants without Tesla's 256 bit private key or logged request to server encrypted by AES sent before encryption started. I recommend to backup all your encrypted files. Anything else is not necessary, becasue if Tesla's private key will be leaked/published all information for decryption is located in encrypted file header.
BloodDolly, Post #200
Unfortunately there is no solution for .ccc variant of TeslaCrypt. This variant can be decrypted only by their private key except your randomly generated and never stored private key.
BloodDolly, Post #136Brute forcing
...ccc and abc variants are very similiar and can't be decrypted without Tesla's private key, your generated private key or private keys used for file encryption.
the decryption key is not a realistic option (not possible) with current technology because there are an infinite number of possiblities to try. The only other alternative is to save your data as is and wait for a possible breakthrough...meaning, what seems like an impossibility at the moment (decryption of your data), there is always hope someday there may be a possible solution so save the encrypted data and wait until that time.
There is an ongoing discussion in this topic:
Rather than have everyone start individual topics, it would be best (and more manageable for staff) if you posted any questions, comments or requests for assistance in that topic discussion. Doing that will also ensure you receive proper assistance from our crypto malware experts since they may not see this thread. To avoid unnecessary confusion...this topic is closed.
The BC Staff