Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


.ccc RSA 2048, dropped how to recover opm.txt

  • This topic is locked This topic is locked
3 replies to this topic

#1 titi1900


  • Members
  • 4 posts
  • Local time:11:59 PM

Posted 31 March 2016 - 11:11 AM

Hello all,

We have the RSA – 2048 ccc. extension. Infected windows PC and 2 external drive.

When we had the virus it was a win 7 weeks ago (last week it updated itself for win 10) and we didn’t  realize it we are infected for weeks (we hardly used this PC) we found out last weekend and it is shocking we lost so many family pictures and videos I have just a small hope I can get them back. Please tell me it is possible.

PC files are case 1 files


external drive 1. files are  case 2


external drive 2. files are case 3


I separated them 3 cases because I’m not sure what time they infected maybe it is matter maybe not. Also on the external drive 2. case 3, I found some folders are not infected maybe because we didn’t open them.(I checked them on a friend projector)

We run the malware bite program and now I'm not sure we have the virus still, I downloaded few jpg from the net and after few restart they are not infected yet. How could I know it for sure and how I could protect if I have recovered files.

I tried to use the Tesladecoder but for me it is too complicated to find the key and put in the right order


The external drives are able to infect clean computer and Macbook with this virus?I do not understand how does it work and I’m before the beginner PC user. But I’d like to use the tesla if you could get the key for me.

If I am not able to recover my files where I could upload them for someone who could help me.


Thank you in advance


BC AdBot (Login to Remove)


#2 Demonslay335


    Ransomware Hunter

  • Security Colleague
  • 3,565 posts
  • Gender:Male
  • Location:USA
  • Local time:10:59 PM

Posted 31 March 2016 - 01:00 PM

Hi titi1900,


The good news is that this is a crackable variant. It just requires some time to do the factorization.


I have generated one of your keys, but don't have computing time available to do the "master" key (PrivateKeyBC). This key may unlock most of your files; if it does not, please post a sample file in the following topic for assistance.


TeslaCrypt (.VVV, .CCC, etc Files) Decryption Support Requests


Here is your PrivateKeyFile key. Run TeslaDecoder, click "Set Key", paste this in and select the extension of your encrypted files. Then, select a folder to decrypt. It may skip some files if your system had multiple keys due to being restarted during the infection. If any files are skipped, please post in the topic linked above, and mention that the PrivateKeyFile was already done.



Case 1: 292C7D8C1A8B53DF14DB12CAA13F6E590FF94D7657E091DBB43D7FCF264C59CA

Case 2: F9CBC18A2FADDD556948C80F7003AC31CD716AC7C089DB1D781DAB7189C22E7D

Edited by Demonslay335, 31 March 2016 - 01:07 PM.

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

ransomnotecleaner-25.png RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

cryptosearch-25.pngCryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.

#3 titi1900

  • Topic Starter

  • Members
  • 4 posts
  • Local time:11:59 PM

Posted 31 March 2016 - 02:36 PM

I can't believe it you are absolutely amazing, the 2nd key decrypted one folder completely 800 files. I don't know what to say no words to say what you have done for me. Thank you so much

#4 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,780 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:59 PM

Posted 31 March 2016 - 04:29 PM

Yes Demonslay335 is amazing and has helped many victims.

Rather than have everyone start individual topics, it would be best (and more manageable for staff) if you posted any more questions, comments or requests for assistance in the support topic link provided by Demonslay335. To avoid unnecessary confusion...this topic is closed.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users