
"TeslaCrypt flaw opens the door to free file decryption", via ZDNet


11 replies to this topic

#1 Aura

    Bleepin' Special Ops | Malware Response Team | 19,683 posts

Posted 22 January 2016 - 09:46 AM

Researchers have discovered that TeslaCrypt contains an inherent design flaw which has granted an avenue for the development of free decryption tools.

Security researcher Lawrence Abrams explained in a blog post this week that a number of former victims and researchers have been working together for the past month to exploit a flaw in TeslaCrypt's encryption key storage algorithm. While this was kept quiet to prevent the malware's creator catching on and patching the flaw, now TeslaCrypt 3.0 has been released, the group have decided to release their findings.

The design flaw affects TeslaCrypt and variants of TeslaCrypt 2.0, giving victims of these strains the hope of decrypting their machines and files without giving in to the malware creator's demands.


Source: http://www.zdnet.com/article/teslacrypt-vulnerability-exposes-ransomed-files-to-free-cracking/

Featuring Grinler and BleepingComputer! :)

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.




#2 Demonslay335

    Ransomware Hunter | Security Colleague | 3,561 posts | Location: USA

Posted 22 January 2016 - 09:53 AM

Well that may just invite a whole new flood of victims needing help. Bring it on, my CPUs have been more idle lately. :)


ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]
RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]
CryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#3 Aura

    Bleepin' Special Ops | Malware Response Team | Topic Starter

Posted 22 January 2016 - 09:54 AM

I've been wondering, did you guys ever post the setups you are using for this service? :o I'm interested in knowing what you are running.



#4 Demonslay335

    Ransomware Hunter | Security Colleague

Posted 22 January 2016 - 09:57 AM

I've got two 2nd gen i7s and a supplementary i5. I know BloodDolly has at least a newer gen i7, and VirusD has a small army of x20 i7s somehow, lol. Some of the smaller ones would get shredded even by my i3 at the start if they were lucky, really comes down to luck still.




#5 Aura

    Bleepin' Special Ops | Malware Response Team | Topic Starter

Posted 22 January 2016 - 10:00 AM

If I had spare CPUs, I would gladly help you, but all I have in reserve is a Dual Core I think, so I wouldn't be of much help. Even my desktop runs an i5-3570k. Can you limit the CPU usage when you try to crack the keys, or do you usually dedicate the whole CPU resources to it so it goes faster?



#6 Demonslay335

    Ransomware Hunter | Security Colleague

Posted 22 January 2016 - 10:02 AM

I dedicate all threads since these systems don't do too much else currently anyways. You can limit the threads if you are actively using the system, or you can use the -p flag to make it run "low priority".




#7 Aura

    Bleepin' Special Ops | Malware Response Team | Topic Starter

Posted 22 January 2016 - 10:06 AM

What I'm about to say comes from the limited knowledge I have about Bitcoin mining, but for that kind of operation, wouldn't using high-end GPUs (like GTX cards) also work to crack the keys?



#8 Demonslay335

    Ransomware Hunter | Security Colleague

Posted 22 January 2016 - 10:11 AM

Yafu does not use GPU at all unfortunately. Msieve does with a special build to some degree if you have a CUDA-enabled nVidia card. It can only utilize it for polynomial selection, which isn't usually the biggest time sink in my experience for the numbers we're factoring. I haven't seen a huge performance boost in using it, and you have to juggle formats and switching between tools. I found it just easier to throw it on the CPU and let it run overnight, lol.

So basically, it probably could speed things up, but the current tools available to the public don't utilize the GPU to its max potential quite yet.

No worries on the limited knowledge, I learned all this as I went too. :)


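Demonslay335 describes recovering keys by factoring numbers with Yafu and Msieve on CPU time. As an added illustration (not code from the thread, from those tools, or from any TeslaCrypt decryptor), the Python below shows on a toy scale why storing a secret as a factor of a product is a design flaw: Pollard's rho splits the product, and a known file-header magic is what validates the right candidate, the way decryption tools check a candidate key against a file. The XOR cipher, the "TOY!" magic and the 30-bit key sizes are constructed assumptions, not TeslaCrypt's real format.

```python
"""Toy model of the key-storage flaw discussed in the thread: the stored value is
a product that includes the secret key as a factor, so commodity CPU factoring
(the thread's Yafu/Msieve runs, at far larger sizes) recovers it. Added example;
the cipher and storage format are constructed stand-ins, not TeslaCrypt's real format."""
import hashlib
import math
import random


def pollard_rho(n):
    """Return a non-trivial factor of composite n (Pollard's rho, Floyd cycle finding)."""
    if n % 2 == 0:
        return 2
    while True:  # retry with a new polynomial if the walk collapses to gcd == n
        c, x = random.randrange(1, n), random.randrange(2, n)
        y, d = x, 1
        while d == 1:
            x = (x * x + c) % n
            y = (y * y + c) % n
            y = (y * y + c) % n
            d = math.gcd(abs(x - y), n)
        if d != n:
            return d


def toy_cipher(key, data):
    """XOR with SHA-256(key): a constructed stand-in for the real file cipher."""
    stream = hashlib.sha256(key.to_bytes(32, "big")).digest()
    return bytes(b ^ stream[i % 32] for i, b in enumerate(data))


def recover_key(stored, header, magic=b"TOY!"):
    """Factor the stored product and keep the factor that decrypts the known
    header magic, which is how a decryptor validates candidate keys."""
    f = pollard_rho(stored)
    for candidate in (f, stored // f):
        if toy_cipher(candidate, header)[: len(magic)] == magic:
            return candidate
    return None


# Constructed sample: the secret is "hidden" only by multiplying it with another
# ~30-bit prime, so the product factors in well under a second on one core.
SECRET, BLIND = 1000000007, 998244353
STORED = SECRET * BLIND
HEADER = toy_cipher(SECRET, b"TOY!" + b"example file contents")

if __name__ == "__main__":
    print("recovered secret:", recover_key(STORED, HEADER) == SECRET)
```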


#9 Aura

    Bleepin' Special Ops | Malware Response Team | Topic Starter

Posted 22 January 2016 - 10:15 AM

Well thank you for explaining all this to me :) I'm totally lost at the math part (I'll have to watch the video in the BleepingComputer News Article about the decryption service) but I can understand what you're telling me when it comes to the CPU and GPU :P



#10 Retry2

    Members | 10 posts

Posted 22 January 2016 - 01:50 PM

Demonslay335, on 22 January 2016 - 09:53 AM, said:
    Well that may just invite a whole new flood of victims needing help. Bring it on, my CPUs have been more idle lately. :)

More worrying is that they'll work harder at releasing new versions :( I've got a couple i7's I could probably dig up.



#11 Demonslay335

    Ransomware Hunter | Security Colleague

Posted 22 January 2016 - 01:56 PM

Aye, 'tis the cat-and-mouse game of security. More so in IT security the last few years for sure.




#12 quietman7

    Bleepin' Janitor | Global Moderator | 51,769 posts | Location: Virginia, USA

Posted 22 January 2016 - 03:00 PM

IMO more like cats and rats. :wink:

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click here.



