Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

TeslaCrypt (.VVV, .CCC, .EXX, .EZZ, .ECC, etc) Decryption Support Requests


  • Please log in to reply
5511 replies to this topic

#16 BloodDolly

BloodDolly

  • Security Colleague
  • 473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Slovakia
  • Local time:06:33 PM

Posted 05 January 2016 - 06:39 PM

Hello,

I have a version 2.2.0 .vvv file infected machine and would appreciate any help with getting the private key.

 

 

Thank You,

Personmans

Check PM



BC AdBot (Login to Remove)

 


m

#17 personmans

personmans

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:09:33 AM

Posted 05 January 2016 - 07:24 PM

 

Hello,

I have a version 2.2.0 .vvv file infected machine and would appreciate any help with getting the private key.

 

 

Thank You,

Personmans

Check PM

 

 

I read the linked post and found the tools. I just calculated the candidate AES private key and it worked for files in one folder, but it appears that each folder may have its own key. Working on my second key now. Still great news!

 

 

Thank you BloodDolly, Googulator, Demonslay335 and Grinler! You guys do amazing work.



#18 Demonslay335

Demonslay335

    Ransomware Hunter


  • Security Colleague
  • 3,251 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:33 AM

Posted 05 January 2016 - 07:33 PM

 

I read the linked post and found the tools. I just calculated the candidate AES private key and it worked for files in one folder, but it appears that each folder may have its own key. Working on my second key now. Still great news!

 

 

Thank you BloodDolly, Googulator, Demonslay335 and Grinler! You guys do amazing work.

 

 

Make sure you are cracking the PrivateKeyBC and not PrivateKeyFile. The PrivateKeyBC should work for all files, as the PrivateKeyFile will only decrypt files that were encrypted in the same "session" of the virus; e.g. if the computer was restarted during its process, it will generate a new one each time.


logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

ransomnotecleaner-25.png RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

cryptosearch-25.pngCryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#19 linjun85

linjun85

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:12:33 AM

Posted 05 January 2016 - 08:34 PM

===============
= PrivateKeyBC =
================

SharedSecret1*PrivateKeyBC
hex C704B10AF9DD4908A52DBB6F35B6795B500F3B51B66B3EB5FD23D6672CD5CCCB923B5990B8001820146DB31BE4E7B2C939B5B1F53E479E5D9F0B7C2A0CAF2BB8
dec 10423435530128016135510897744014612327916230403138441209705129954391390334317543236691859844777305481862142438102642952217072560146538203164917128307354552
PrivateKeyBC =
PublicKeyBC = 04BA2C32EE6AD5E0DDAB379B0BCDEDCA264863EE276B3C85CF5CC89B05B7245E99F70ED6DB5C6D028D2C2ABEA0C55998E440FD029369917FCD0D8F14FE6D52ECF1
==================
= PrivateKeyFile =
==================
SharedSecret2*PrivateKeyFile
hex 414BF39AA510496DC9FD01C6D11715BD012385B1CBF30284E9E01CE31DE29FCB329D8DFAD9352FD339D8C4217C6A9D499175A77A8F74F8A827DD04B0234E21D3
dec 3419864931182435819660947459089245331154717645926988296555599692750477490323776868473584611424999464781165917242425692733046244738105847273203970247369171
PrivateKeyFile =
PublicKeyFile = 040DDCE51A15E5D6AC378F24A0A535572350E36A868CE94B2AFFBD5503EC52AD686934EE4F013B545FCA32461B1B063FC11A26915F875522ECF0FC406DEBA86E15

Decrypting files in folder:C:\Users\linjun.BESTSELLER\Desktop\TeslaCrack Master
Please wait...
Decryption finished. (0 files decrypted, 3 files skipped)
See log file for more information: C:\Users\linjun.BESTSELLER\Downloads\TeslaDecoder(1)\log.txt
 


Edited by linjun85, 05 January 2016 - 08:58 PM.


#20 Psionics

Psionics

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:33 PM

Posted 05 January 2016 - 08:39 PM

Hi all,

First off have to say amazing work and support by everybody here!

I also have the new variant (.vvv extensio )on one of our machines and could use a little help. I have loaded one of the encrypted files into TeslaViewer and put the appropriate information into TeslaRefactor, but it keeps telling me that the private key is not found. Either I am missing something, or not putting in the correct information. A little guidance would be appreciated.

Thanks in Advance.

#21 Grinler

Grinler

    Lawrence Abrams

  • Topic Starter

  • Admin
  • 43,273 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:11:33 AM

Posted 05 January 2016 - 08:50 PM

Hi all,

First off have to say amazing work and support by everybody here!

I also have the new variant (.vvv extensio )on one of our machines and could use a little help. I have loaded one of the encrypted files into TeslaViewer and put the appropriate information into TeslaRefactor, but it keeps telling me that the private key is not found. Either I am missing something, or not putting in the correct information. A little guidance would be appreciated.

Thanks in Advance.


I sent you a PM.

#22 mrsumo

mrsumo

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:10:33 AM

Posted 05 January 2016 - 08:52 PM

Thanks everyone for all the work to help people like myself who fell victim to this virus!

 

Looking for help to decrypt my files that were infected and have .vvv encryption.

Can send you files on wetransfer.

 

Hoping I have enuf skills to do the rest. 

 

Appreciate the help.



#23 Demonslay335

Demonslay335

    Ransomware Hunter


  • Security Colleague
  • 3,251 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:33 AM

Posted 05 January 2016 - 09:03 PM

Thanks everyone for all the work to help people like myself who fell victim to this virus!
 
Looking for help to decrypt my files that were infected and have .vvv encryption.
Can send you files on wetransfer.
 
Hoping I have enuf skills to do the rest. 
 
Appreciate the help.


I've sent you a PM.

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

ransomnotecleaner-25.png RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

cryptosearch-25.pngCryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#24 Psionics

Psionics

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:33 PM

Posted 05 January 2016 - 09:16 PM

Hi all,

First off have to say amazing work and support by everybody here!

I also have the new variant (.vvv extensio )on one of our machines and could use a little help. I have loaded one of the encrypted files into TeslaViewer and put the appropriate information into TeslaRefactor, but it keeps telling me that the private key is not found. Either I am missing something, or not putting in the correct information. A little guidance would be appreciated.

Thanks in Advance.

I sent you a PM.

Thanks, Grinler.

Edited by Psionics, 05 January 2016 - 09:18 PM.


#25 al1963

al1963

  • Members
  • 839 posts
  • OFFLINE
  •  
  • Local time:10:33 PM

Posted 05 January 2016 - 10:21 PM

Hi all!
Tell me, please, how can I use the information obtained from teslaviewer to obtain the decryption key of all files?

================
= PrivateKeyBC =
================

SharedSecret1 * PrivateKeyBC
hex 106C5258B1D2660CFEC9A5F9EE16F0CF943559A04795EA555B447F3DA21FB3D3300C71CDEF4C15E545224980066F33E96947E1283626281CF4B793B2F3490B22

PrivateKeyBC =
PublicKeyBC = 04E70CF0046BAE2DDE3F1A626F12099C3FCA8B1A23028BBA8CA56B7B5448414486DB15FCD0603CDE7FA072E3CC9FB6EBC136D06E567CD06E91FB48DDA233AC22C1

==================
= PrivateKeyFile =
==================

SharedSecret2 * PrivateKeyFile
hex 4661782B075DD6F3E319CEFF0804A2980504568A5AD418A5896FAFB87796AE857C06B83EB74ED16B2FA632EEBC01E7740A4653E71C53EC7AA271938F84524D45

PrivateKeyFile =
PublicKeyFile = 043EB2EBA2A4BE53932A2ECEFC0F38F9BF405E30D87093CAE43C48A7886DDD19FE02769BCD5B6FE32E6700C6E0F8F28D8BFC9FE0330D9D3A403F0597249176B26A

 



#26 Grinler

Grinler

    Lawrence Abrams

  • Topic Starter

  • Admin
  • 43,273 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:11:33 AM

Posted 05 January 2016 - 10:42 PM

Hi all!
Tell me, please, how can I use the information obtained from teslaviewer to obtain the decryption key of all files?


Sent you a pm

#27 theniceguy7

theniceguy7

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:33 AM

Posted 06 January 2016 - 12:01 AM

Hi Guys,

1 of our PC infected by CryptoWall 4.0. All the files have been encrypted to random file names and extensions.

Is there any method to decrypt back the files?

Thanks



#28 Demonslay335

Demonslay335

    Ransomware Hunter


  • Security Colleague
  • 3,251 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:33 AM

Posted 06 January 2016 - 12:05 AM

Hi Guys,

1 of our PC infected by CryptoWall 4.0. All the files have been encrypted to random file names and extensions.

Is there any method to decrypt back the files?

Thanks

 

Sorry, but CryptoWall 4.0 is not crackable. The only chance is to restore from backups, or wait for the unlikely event that the malware developer's server is seized. This topic is only for offering decryption of TeslaCrypt.

 

For any questions with CryptoWall 4.0, please check out the support topic: CryptoWall 4.0: Help_Your_Files Ransomware Support Topic


logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

ransomnotecleaner-25.png RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

cryptosearch-25.pngCryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#29 Demonslay335

Demonslay335

    Ransomware Hunter


  • Security Colleague
  • 3,251 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:33 AM

Posted 06 January 2016 - 12:13 AM

===============
= PrivateKeyBC =
================

SharedSecret1*PrivateKeyBC
hex C704B10AF9DD4908A52DBB6F35B6795B500F3B51B66B3EB5FD23D6672CD5CCCB923B5990B8001820146DB31BE4E7B2C939B5B1F53E479E5D9F0B7C2A0CAF2BB8
dec 10423435530128016135510897744014612327916230403138441209705129954391390334317543236691859844777305481862142438102642952217072560146538203164917128307354552
PrivateKeyBC =
PublicKeyBC = 04BA2C32EE6AD5E0DDAB379B0BCDEDCA264863EE276B3C85CF5CC89B05B7245E99F70ED6DB5C6D028D2C2ABEA0C55998E440FD029369917FCD0D8F14FE6D52ECF1
==================
= PrivateKeyFile =
==================
SharedSecret2*PrivateKeyFile
hex 414BF39AA510496DC9FD01C6D11715BD012385B1CBF30284E9E01CE31DE29FCB329D8DFAD9352FD339D8C4217C6A9D499175A77A8F74F8A827DD04B0234E21D3
dec 3419864931182435819660947459089245331154717645926988296555599692750477490323776868473584611424999464781165917242425692733046244738105847273203970247369171
PrivateKeyFile =
PublicKeyFile = 040DDCE51A15E5D6AC378F24A0A535572350E36A868CE94B2AFFBD5503EC52AD686934EE4F013B545FCA32461B1B063FC11A26915F875522ECF0FC406DEBA86E15

Decrypting files in folder:C:\Users\linjun.BESTSELLER\Desktop\TeslaCrack Master
Please wait...
Decryption finished. (0 files decrypted, 3 files skipped)
See log file for more information: C:\Users\linjun.BESTSELLER\Downloads\TeslaDecoder(1)\log.txt
 

 

I have sent you a PM.


logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

ransomnotecleaner-25.png RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

cryptosearch-25.pngCryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#30 TouMoua

TouMoua

  • Members
  • 6 posts
  • OFFLINE
  •  

Posted 06 January 2016 - 01:35 AM

Hello guys, can you help me Decrypt my files

https://drive.google.com/file/d/0ByqS9XwwNrz1UWFJZkVHaUlvVXc/view?usp=sharing

 

Thank You in Advance






4 user(s) are reading this topic

0 members, 4 guests, 0 anonymous users