Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

TeslaCrypt (.VVV, .CCC, .EXX, .EZZ, .ECC, etc) Decryption Support Requests


  • Please log in to reply
5816 replies to this topic

#1441 stratoregolo

stratoregolo

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:11:42 PM

Posted 04 February 2016 - 08:59 PM

@mosfetti

You can also send files .pdf.micro and .doc.micro

Stratoregolo



BC AdBot (Login to Remove)

 


#1442 Demonslay335

Demonslay335

    Ransomware Hunter


  • Security Colleague
  • 3,591 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:42 PM

Posted 04 February 2016 - 09:01 PM

hello,

please could you help me, (

i was infected by teslacrypt 3 (.ecc extension),

i share 3 files : one ecc, help_restore_files.txt and a recovery_key.txt in this link : https://www.sendspace.com/filegroup/qVWRwiA4DsWadZKxC9mr%2BFEebL1KWVj9

i tried TeslaDecoder with no result .

i would appreciate any help with getting the private key.

 

 

I've got this one. recovery_key.txt is all I need to crack it. Will PM when key is found.


logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

ransomnotecleaner-25.png RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

cryptosearch-25.pngCryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#1443 NightbirD

NightbirD

  • Members
  • 493 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Buenos Aires, Argentina.
  • Local time:06:42 PM

Posted 04 February 2016 - 09:13 PM

@Demonslay335

:thumbsup2:

 

Where can i read & learn about it? (i've just found an ítem talking about .dat & .bin related files), i was deeply bussy today :killcomp: , & 35°C....., uufffffff.

Tell me when you have time, please.

Thx a lot.

 

**********************************************************************************************************************************************************************************

 

BleepingComputer is being sued by Enigma SpyHunter. Help defend its right of Free Speech!


Edited by NightbirD, 04 February 2016 - 09:37 PM.

************************************************************************************************************************


Please, start TODAY a BACK UP DISCIPLINE, & try to spread the idea to everyone you know. This way you, & your beloved ones, will keep safe the whole data, & the crypto-criminal activity will turn senseless soon.


#1444 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,092 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:42 PM

Posted 04 February 2016 - 09:21 PM

A repository of all current knowledge regarding TeslaCrypt, Alpha Crypt and newer variants is provided by Grinler (aka Lawrence Abrams), in this topic: TeslaCrypt and Alpha Crypt Ransomware Information Guide and FAQ
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#1445 al1963

al1963

  • Members
  • 894 posts
  • OFFLINE
  •  
  • Local time:03:42 AM

Posted 04 February 2016 - 10:31 PM

 

 

I have also this files crypted with .qcnfymf  

 

Who can help me ???

THANKS

https://www.sendspace.com/filegroup/WJw1O8xQpmn1eIZaoSPuuA

it CTBlocker, for him there is no decryption

 

al1963, could you send the link to the forum for that ransomware, maybe there can be found help with expert help to locate a file that can be used. for Torrentlocker just send the forumlink and let the user look for the info there. I understnad the keey is completely different, but there might be a chance in this situation, just need som extra help from the experts :)

 

@vilhavekktesla,

You're right, and I will do next time. :)

 

I tried to use "encrypted" file (Torrentlocker) utility from Kaspersky Lab (rakhnidecryptor), but without result. I could not calculate the password on these files.


Edited by al1963, 04 February 2016 - 10:49 PM.


#1446 NightbirD

NightbirD

  • Members
  • 493 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Buenos Aires, Argentina.
  • Local time:06:42 PM

Posted 04 February 2016 - 11:33 PM

@quietman7

Thx a lot! @Demonslay335 & @1963 helped me to start a .ecc factorizing-practice by simple tips that i've never imagined (to browse the Recover_txt in TeslaViewer)... Now i'm geting a "deep into" through the link you've posted while the C!!7 is "curved".

 

:thumbup2:

 

**********************************************************************************************************************************************************************************

 

BleepingComputer is being sued by Enigma SpyHunter. Help defend its right of Free Speech!


Edited by NightbirD, 04 February 2016 - 11:51 PM.

************************************************************************************************************************


Please, start TODAY a BACK UP DISCIPLINE, & try to spread the idea to everyone you know. This way you, & your beloved ones, will keep safe the whole data, & the crypto-criminal activity will turn senseless soon.


#1447 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,092 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:42 PM

Posted 05 February 2016 - 06:50 AM

I have also this files crypted with .qcnfymf  

Any files that are encrypted with the newest variants of CTB Locker (aka Critroni, Onion) will have a 6-7 length extension consisting of random characters such as these .uogltic, .rtrsxox, .phszfud, etc. A repository of all current knowledge regarding CTB Locker (Critroni, Onion) is provided by Grinler (aka Lawrence Abrams), in this topic: CTB Locker and Critroni Ransomware Information Guide and FAQ.

Unfortunately at this time there is no fix tool and decryption of CTB Locker...is impossible since there is no way to retrieve the private key that can be used to decrypt your files without paying the ransom. There is an ongoing discussion in this topic where you can ask questions and seek further assistance:
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#1448 BloodDolly

BloodDolly

  • Security Colleague
  • 473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Slovakia
  • Local time:11:42 PM

Posted 05 February 2016 - 06:59 AM

@All
The current state of decryption of TeslaCrypt 3 (.xxx, .ttt, .micro) is still the same, we can't recover any of the 7 private keys right now.

I wanted to collect encypted files from everyone infected here to be able to reach them if the solution will be found and it will not be universal for everyone. I didn't think that there will be so many people affected by TeslaCrypt 3 and currently I am not even able to answer to all messages, because you are sending them faster than I am able to answer to them. :)

I have to ask you to stop sending me PMs with a link to encrypted files by TeslaCrypt 3. I am still working on this problem and I will be working on it.

 

For the future decryption of your files you need only encrypted files, so you can format your system, etc. because everything important is already in the header of encrypted files.



#1449 elcico

elcico

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:10:42 PM

Posted 05 February 2016 - 06:59 AM

Hello *,

Help needed for encrypted files (.micro ext) of a colleague.

Already read the last pages of the topic, so I know the key to decrypt has not yet been found until now.

But in case you find it...

Here are my encrypted files (containing a ppt, a pdf and the files created by tesla):

 

https://www.sendspace.com/file/7xgwdf

 

Thank you for working on this and for anything you can do.

elcico :)



#1450 mcstiger

mcstiger

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:04:42 PM

Posted 05 February 2016 - 07:14 AM

We would like some help decrypting the TeslaCrypt 3.0 files. 

 

Below is a link to a sample file.

 

https://www.sendspace.com/filegroup/%2BMjMkh1HjQqcy5isPwTbGhKehDwuXrH0

 

Thank you,

 

MCSTIGER



#1451 maxweb80

maxweb80

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:10:42 PM

Posted 05 February 2016 - 07:18 AM

@All
The current state of decryption of TeslaCrypt 3 (.xxx, .ttt, .micro) is still the same, we can't recover any of the 7 private keys right now.

I wanted to collect encypted files from everyone infected here to be able to reach them if the solution will be found and it will not be universal for everyone. I didn't think that there will be so many people affected by TeslaCrypt 3 and currently I am not even able to answer to all messages, because you are sending them faster than I am able to answer to them. :)

I have to ask you to stop sending me PMs with a link to encrypted files by TeslaCrypt 3. I am still working on this problem and I will be working on it.

 

For the future decryption of your files you need only encrypted files, so you can format your system, etc. because everything important is already in the header of encrypted files.

 

WE BELIEVE IN YOU! MANY THANKS



#1452 ionutbigiu

ionutbigiu

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:11:42 PM

Posted 05 February 2016 - 07:22 AM

I have all my files from Local Disk D , encrypted in .ccc format. Can somebody help me with a key or a method to remove the encryption for multiple files ?:D



#1453 BloodDolly

BloodDolly

  • Security Colleague
  • 473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Slovakia
  • Local time:11:42 PM

Posted 05 February 2016 - 07:23 AM

I have all my files from Local Disk D , encrypted in .ccc format. Can somebody help me with a key or a method to remove the encryption for multiple files ?:D

I am sending you PM.



#1454 ionutbigiu

ionutbigiu

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:11:42 PM

Posted 05 February 2016 - 07:24 AM

You Da Best! <3



#1455 maxweb80

maxweb80

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:10:42 PM

Posted 05 February 2016 - 07:40 AM

Teslacrypt 3.0 - .micro extension, yes i'm a victim!

 

https://www.sendspace.com/filegroup/l4QLVIo3hWH%2FGkrsBHoG0qJvnJc4jdH6

 

thanks 






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users