Two weeks ago the nightmare came to me. Suddenly all important files had the file extension ".ccc" and I could not open them. I apprehended that my computer was infected by a virus and immediately shut down the computer by disconnecting the power adapter. A Google search from another computer led me to this forum. I quickly understood that I had become a victim of ransomware named "Teslacrypt" using asymmetric encryption RSA-2048. Really strong encryption and no way to crack it. An email to Kaspersky ("professional support") was answered with a useless standard answer: "Try this tool and that... bla bla". The latest tool was from April this year. However ... useless.
The search for a file named "key.dat" to crack the encryption is also useless because the encryption is asymmetric and the key.dat is the public key, which you could not use to EN-crypt! It comes with the virus to your computer and the private key for DE-cryption never enters your computer at this time!
The virus led me to a personal page where I found instructions on what I had to do to get my data decrypted. I should pay 500$ in bitcoins.
For various reasons, at the end of a long process of consideration, I decided to pay the ransom of 500 $ in bitcoins. The payment in bitcoins was difficult and cost much time to understand and carry out, but I managed it. At that time I didn't know whether the assholes would keep their promise to decrypt my files after payment, but I staked everything on one card and paid.
Just a few hours later the blackmailer reacted and sent me a link to download a "decryption tool" and the private key for my data: a string of 65 characters and numbers!
The decryption tool is very primitive; you cannot choose particular folders to decrypt first, but the complete hard disk is decrypted. But the tool and the key work! The files came back!
Note:
If you decrypt your files with that tool the data volume doubles! The amount of data after decryption is twice what it was before! That is because the decryption tool doesn't delete the encrypted file after decryption. Both versions - encrypted and decrypted - are on the hard disk after decryption. So note that you may need a bigger hard disk, and copy all of your encrypted data onto it before starting the decryption process!
After all it is a bleepy waste of time and nerves.
I hope the blackmailer ends up in prison sometime!
------------------------------------------------
Don't forget: data backup is the most important!
Edited by hamluis, 08 December 2015 - 11:33 AM.
Moved from AII to Gen Security - Hamluis.