Microsoft recently announced that they have updated their Malicious Software Removal Tool to detect and "remediate" the TeslaCrypt ransomware infection due to the increased distribution and activity detected in August. There has been quite a bit of press surrounding this announcement, and people have been getting the wrong idea that this means Microsoft can recover your files. Unfortunately, this is not true. This announcement just means that Microsoft has added further detection for this ransomware and will remove it with the Microsoft Malicious Software Removal Tool (MSRT). I thought they were doing that already?

Microsoft also mentions the Talos TeslaDecrypt decryption utility that was released in April as a possible method of recovering your files. Unfortunately, TeslaDecrypt only worked with the first two versions of the TeslaCrypt family and is no longer recommended due to its limited ability to recover your files. There is another program created by a member of called TeslaDecoder that is able to decrypt more variants of TeslaCrypt and is the tool of choice. Even this tool, though, is not able to decrypt files encrypted by newer variants of TeslaCrypt.

I wish there was a silver bullet we could offer for this infection, but at this time a victim's choices are limited. You can either restore from backup, pay the ransom, or hopefully be able to live without the missing data.
