There are several variants of CryptoWall but they do not leave a ransom note named recover_file_[random].txt.
However, any files that are encrypted with TeslaCrypt 2.0
(AlphaCrypt) will leave ransom notes with names like Howto_Restore_FILES.txt, RECOVERY_FILE_[random].txt, restore_files_[random].txt, recover_files_[random].txt, recover_file_[random].txt
, Howto_RESTORE_FILES_[random].txt, howto_recover_file_[random].txt, _how_recover_[random].txt, how_recover+[3-random].txt. Encrypted data will have the .ezz
extension appended to the end of the filename. At least one version is disguised as CryptoWall
Any files that are encrypted with TeslaCrypt 3.0
will have the .xxx
extension appended to the end of the filename and leave files (ransom notes) with names like recovery_file_[random].txt, recover_file_[random].txt, Howto_Restore_FILES.TXT, help_recover_instructions+[random].txt, Recovery+[5-random].txt, _H_e_l_p_RECOVER_INSTRUCTIONS+[3-random].txt, _ReCoVeRy_+[5_random].txt, Recovery_[5_random].txt, and RECOVERY.TXT.
Information for decrypting files with .ecc, .ezz, .exx, .xyz, .zzz, .aaa, .abc, .ccc
, or .vvv
extensions can be found in this BC News article: TeslaCrypt Decrypted: Flaw in TeslaCrypt allows recovery of encrypted files
. Instructions on how to recover the key for decryption are also included in TeslaDecoder.zip
There is an ongoing discussion in this topic where you can ask questions and seek further assistance.Support for decryption requests can be posted in this topic
Support for TeslaCrypt 3.0 is in this topic where you can ask questions and seek further assistance but as noted above there is no solution to fix your encrypted files yet.
Rather than have everyone start individual topics, it would be best (and more manageable for staff) if you posted any questions, comments or requests for assistance in one of those topic discussions, particularly the last if dealing with one of the newer variants. Doing that will also ensure you receive proper assistance from our crypto malware experts since they may not see this thread. To avoid unnecessary confusion...this topic is closed.
The BC Staff