For a little over a month, researchers and previous victims have been quietly helping TeslaCrypt victims get their files back using a flaw in TeslaCrypt's encryption key storage algorithm. The information that the ransomware could be decrypted was kept quiet so that the malware developer would not learn about it and fix the flaw. Since the recently released TeslaCrypt 3.0 has fixed this flaw, we have decided to publish the information on how a victim can generate the decryption key for encrypted TeslaCrypt files that have the extensions .ECC, .EZZ, .EXX, .XYZ, .ZZZ, .AAA, .ABC, .CCC, and .VVV. Unfortunately, it is currently not possible to decrypt the newer versions of TeslaCrypt that use the .TTT, .XXX, and .MICRO extensions.
The Flaw in TeslaCrypt
TeslaCrypt's flaw was not in the encryption algorithm itself, but rather in how the encryption keys were stored on a victim's computer. When TeslaCrypt encrypts a victim's files it uses the AES encryption algorithm, which uses the same key to encrypt and decrypt a file. Each time TeslaCrypt was restarted, a new AES key was generated and stored in the files that were encrypted during that session. This means that some files on a victim's machine could be encrypted with a different key than other files. Since the developers wanted to store these encryption keys in every encrypted file, they needed a way to secure them so a victim could not simply extract the key and decrypt their files. To protect this key, the developers first encrypted it with another algorithm and then stored information about this encrypted key in each encrypted file. The information stored in each encrypted file is shown in the image below.

[Image: layout of the key information stored in each encrypted file. Source: Kaspersky]
Unfortunately for the malware developer, the size of this stored key was not large enough to withstand the computing power of today's computers. It was therefore possible to use specialized programs to factorize these large numbers in order to retrieve their prime factors. Once the prime factors were retrieved, specialized tools could use them to reconstruct the decryption key. For some victims this process took as little as 5 minutes to complete, while for others with stronger numbers it could take days. For more information on prime numbers and how they relate to cryptography, this video provides a good summary.
Volunteers to the Rescue
It all started when reports came in that Kaspersky was able to decrypt encrypted files without the user paying the ransom. It was decided that it was better to keep this ability private, as we did not want to alert the developer to the flaw in his program. Soon after, a member named Googulator created a post in the TeslaDecoder topic stating that he had come up with a method to generate a victim's encryption key by factoring the number stored in an encrypted file into its primes. He published this method as Python scripts in a GitHub project called TeslaCrack for everyone to use. This method was fantastic, and though we hid it so the developer would not be notified, we allowed it to be used in our forums and news articles. The method took off and we had volunteers, many of whom were prior TeslaCrypt victims, offering their computing power and services to help other victims retrieve their decryption keys. To assist with this we created a dedicated TeslaCrypt (.VVV, .CCC, etc Files) Decryption Support Requests topic in our forums.

Googulator's TeslaCrack scripts were a lifesaver, but their ability to decrypt only certain TeslaCrypt variants, and the fact that you needed to work from the command line, made them more complicated to use. As the scripts are developed in Python, a user would need to install Python and then issue the commands via the command line. This method also required the victim to use encrypted files that had a known file header (PDF, JPG, etc.) and to modify the TeslaCrack scripts if they were not using an encrypted PDF file. Last, but not least, TeslaCrack was attacking the AES key of the file, and since this key changed each time TeslaCrypt was restarted, a user would potentially have to crack multiple keys in order to decrypt all of their files. Unfortunately, for many users this was a confusing process that was difficult to carry out on their own.

At the same time, BloodDolly, the creator of TeslaDecoder, was updating his tools to recover the encryption key for all variants of TeslaCrypt. His tools were designed a bit differently: instead of going after the AES key of a file, they attacked the master private key that TeslaCrypt used on the victim's computer. This meant that once you recovered that key, you could decrypt all of the files on the computer regardless of whether TeslaCrypt had been restarted. Furthermore, as his tools were developed to run on Windows and did not require specific encrypted file types, they were much easier for a general user to use. Using these tools and specialized factorization tools such as Msieve and YAFU, victims were now easily able to recover their files for free.

How to use TeslaDecoder to decrypt TeslaCrypt Encrypted Files that have the .ECC, .EZZ, .EXX, .XYZ, .ZZZ, .AAA, .ABC, .CCC, and .VVV Extensions
If you are a victim of TeslaCrypt and your files have the .ECC, .EZZ, .EXX, .XYZ, .ZZZ, .AAA, .ABC, .CCC, or .VVV extensions, you can use BloodDolly's or Googulator's tools to retrieve your decryption key. Personally, for most users, I suggest BloodDolly's TeslaDecoder tool because it is easier to use for those who are more comfortable in a Windows environment and makes it easier to recover the key that can decrypt all of your files.
To decrypt your files simply download TeslaDecoder and read the included instructions. I created these instructions to be very detailed and to provide all the information and tools that you will need to recover your encryption key. If you find the information confusing, please feel free to ask for help in the TeslaDecoder Support Topic.
If you do not feel comfortable performing this process on your own, you are also welcome to ask a volunteer to retrieve the key for you. To do this simply follow the instructions in the first post of the TeslaCrypt (.VVV, .CCC, etc Files) Decryption Support Requests topic and someone will get back to you with your key. Please note that the volunteers get many requests a day, so it may take some time to receive help.
Once you have recovered your key, you can then use TeslaDecoder to decrypt all of the files on your drives.
A Special Thanks to our Helpers and Volunteers
I would like to send a special thanks to those volunteers who sacrificed their precious time to help victims of TeslaCrypt. A very special thanks goes to BloodDolly, Googulator, VirusD, Demonslay335, NightbirD, vilhavekktesla, al1963Goosea, the encryption gurus at Kaspersky, Quietman7, and the numerous other volunteers who have spent huge amounts of time helping the TeslaCrypt victims at BleepingComputer.com. Without your help there would be many people who would have lost their data.
Comments
TheBladeRoden - 2 years ago
You should make one for KeyHolder next (though I may be biased)
TheJokerz - 2 years ago
I would also like to thank all of these individuals that took time out of their day to help with this!! Keep it up!!! We need more individuals such as yourselves to help fight the good fight!!!
Googulator - 2 years ago
The weakness wasn't simply the size of the key (although 512 bits is indeed too short to be secure, even if RSA is used correctly). Factorization is only hard for certain classes of numbers, with difficulty being roughly proportional to the size of the 2nd largest prime factor of a number. So, sufficiently big RSA keys, which are semiprimes (two large primes multiplied together) are secure, but if you remove the requirements that the two numbers be prime, there is a strong chance that their product will be easy to factor, even if the numbers are big.
A change made in TeslaCrypt 2.0 intended to make the encryption scheme more robust actually turned out to be another weakness. Pre-2.0 TeslaCrypt and AlphaCrypt needed to store the AES encryption key on disk during encryption, to allow for persistence in case the victim machine is rebooted before encryption could complete. Once all files were encrypted, the malware would wipe the encryption key - however, in many cases the malware failed to reactivate after reboot, leaving the key behind. To address this, TeslaCrypt 2.0 introduced a second, per-session ECDH key pair, which enabled TeslaCrypt to simply generate a new AES key for every session, removing the need to store the AES key in the clear, while retaining the ability for a single master private key to decrypt all files on a single machine, even if encrypted in multiple sessions.
While this did fix the problem of keys occasionally being stored in the clear, it made factorization attacks much easier, since now there were two vulnerable key pairs, either of which could decrypt files. Randomly generating two "strong" key pairs in a row in the new version was much less likely than generating just one "strong" key pair, so a lot more infections could be decrypted quickly, because at least one weak key was available.
"Strong", of course, is relative - even a perfectly "strong" semiprime key takes only a few weeks to factor when the key size is only 512 bits. Still, a few weeks is more than the "5-minute" keys TeslaCrypt often generated.
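Googulator's point above, and the article's description of factoring the number stored in each encrypted file, can be checked with a small script. The following is an added example written for this page; it is not code from the article, from TeslaCrack or from TeslaDecoder. It factors two constructed numbers with trial division plus Pollard's rho and reports the second-largest prime factor and how much rho work was needed: a ~119-bit number built from many small primes splits almost immediately, while a 63-bit semiprime made of two ~32-bit primes costs tens of thousands of rho iterations even though it is far smaller. Scaling that cost up to a 512-bit semiprime is what turns "5-minute" keys into "a few weeks" keys. The numbers, function names and the trial-division bound are all assumptions chosen for the demo.

```python
import math

# Added example (not the article's, TeslaCrack's or TeslaDecoder's code):
# why factorization cost tracks the second-largest prime factor, not the size.

TRIAL_BOUND = 10_000                       # assumption: small-prime cutoff for the demo
MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def trial_division(n, bound=TRIAL_BOUND):
    """Peel off every prime factor below `bound`; return (small_factors, cofactor)."""
    factors = []
    d = 2
    while d <= bound and d * d <= n:
        while n % d == 0:
            factors.append(d)
            n //= d
        d += 1 if d == 2 else 2             # 2, then odd candidates only
    return factors, n


def is_probable_prime(n):
    """Miller-Rabin; with these fixed bases it is deterministic for n < 3.3e24."""
    if n < 2:
        return False
    for p in MR_BASES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in MR_BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def pollard_rho(n, c, max_iter=5_000_000):
    """Floyd-cycle Pollard rho with f(x) = x^2 + c.
    Returns (factor_or_None, iterations); cost grows with sqrt(smallest prime factor)."""
    x = y = 2
    for i in range(1, max_iter + 1):
        x = (x * x + c) % n
        y = (y * y + c) % n
        y = (y * y + c) % n
        g = math.gcd(abs(x - y), n)
        if g == n:
            return None, i                  # sequence collapsed; caller retries with a new c
        if g > 1:
            return g, i
    return None, max_iter


def factor(n):
    """Full factorization: returns (sorted prime factors with multiplicity, rho iterations)."""
    small, cofactor = trial_division(n)
    factors = list(small)
    total_iters = 0
    pending = [cofactor] if cofactor > 1 else []
    while pending:
        m = pending.pop()
        if is_probable_prime(m):
            factors.append(m)
            continue
        split = None
        for c in range(1, 100):             # retry with a new polynomial if rho collapses
            split, iters = pollard_rho(m, c)
            total_iters += iters
            if split:
                break
        if split is None:
            raise RuntimeError(f"could not split {m}")
        pending.extend((split, m // split)) # either part may itself be composite
    return sorted(factors), total_iters


def second_largest_prime_factor(n):
    primes, _ = factor(n)
    return primes[-2] if len(primes) >= 2 else None


# Constructed demo inputs (chosen for this example, not values taken from the page).
WEAK_PRIMES = [3, 5, 7, 11, 13, 17, 101, 103, 1009, 1013, 65537, 999983, 2147483647]
WEAK_N = math.prod(WEAK_PRIMES)            # ~119 bits, but every prime factor is small
SEMIPRIME_N = 2147483647 * 4294967291      # 63 bits: two ~32-bit primes (2^31-1, 2^32-5)


def demo():
    """Factor both numbers and report how much rho work each one needed."""
    out = {}
    for name, n in (("weak", WEAK_N), ("semiprime", SEMIPRIME_N)):
        primes, iters = factor(n)
        out[name] = {"bits": n.bit_length(), "factors": primes,
                     "second_largest": primes[-2], "rho_iterations": iters}
    return out


if __name__ == "__main__":
    for name, r in demo().items():
        print(f"{name:9s} {r['bits']:4d} bits  rho iterations={r['rho_iterations']:6d}  "
              f"2nd-largest prime={r['second_largest']}")
```

Run it and compare the two rows: the larger number finishes with only a few hundred rho steps because trial division strips nearly everything and rho only has to find 65537 and 999983, whereas the much smaller semiprime has to wait for a collision modulo a 31-bit prime. Msieve and YAFU use far better algorithms than this toy rho, but the same rule holds: the work is set by the second-largest prime factor, which is why a 512-bit "key" whose factors were not both prime often fell in minutes.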
Lawrence Abrams - 2 years ago
Thanks for the clarification!
vilhavekktesla - 2 years ago
And one more. I think it is AES not RSA, as the key is not asynchronous, or maybe I'm mixing info again. And to Grinler, could you also in the first post in the forum refer to the how-to for setting up yafu. I noticed it was hidden somewhere on page 30 so it would be difficult to find for new users.
As the rest says, thank you so much for your dedicated time over many years, I think that is one incentive for all the others to start helping and sharing their computer power and knowledge.
A lot of old math had to be dug up in order to cope, and this made it easier to factor and verify the large numbers, and find techniques to overcome computer power.
How strange it may ever sound (as when you actually are able to manage) this threat created a legion of helpers developing their own understanding on this issue and may almost be regarded as "experts" compared to the unknown not already victims:) I don't want to say it was fun, but was certainly an experience, and for the creators out there, if you get caught some time you owe quite a few people some decent amount of money for stealing the valuable time. Estimate 100 USD per hour and 60 days, 24 hours per day for about 50 people ...
So at least we won this battle, but not the war.
kbouchy - 2 years ago
Thanks to everyone for your work on this program! I was able to recover files that were encrypted about 5 weeks ago. I had been waiting on a solution and yours was terrific.
srnevansmsn - 2 years ago
Hi - First time posting on the site. Has there been any headway on the removal of the ".micro" extensions yet? I got this virus a few days ago and unfortunately it affected a huge amount of files. Please let me know and thanks in advance
Lawrence Abrams - 2 years ago
No, not yet unfortunately.
Nikhil_CV - 2 years ago
A big hats off to Grinler and the great minds who found the way to crack and ones who volunteered to help them....
DejanF - 2 years ago
Since I got this virus I have not slept the most beautiful dreams, but thanks to you I could recover my files encrypted with .vvv. With thanks; I do not know how to thank you for what you are doing for the people.
There are still good people in this world.
Thank you thank you
BloodDolly, Googulator, VirusD, Demonslay335, nightbird, vilhavekktesla, al1963
f4ckj4r - 2 years ago
I'm one of the victims of TeslaCrypt, who I think are too far from "their target field", and now many Indonesian people can recover their encrypted files with this thread.
I appreciate the goodness shared here, and it will be my passion to spread it across my country.
syu888 - 2 years ago
My laptop was infected by Tesla Crypto 3.0 today (it was a Trojan horse pop-up from Microsoft), I purchased both Spy Hunter and Registry Hunter to remove the virus so it doesn't cause further damage. I hope this will not affect my chances of recovering the corrupted files. My files are still corrupted (with the micro extension) - I am really hoping that someone would come up with a solution real soon. Thank you in advance to all those contributed to this forum, very much appreciated.
vilhavekktesla - 2 years ago
Hi, contact BloodDolly on this issue, and along the path. Here are some late security tips.
All tips are from BleepingComputer, so I regard them as safe. The sheer detail in all tips and the whys and whats are a great source that every user connected to the internet should at least know the whereabouts of. Here are the two links, courtesy of Quietman7. Thanks for your enormous effort providing all this info in one safe place, and the moderation and tips in the forums.
https://www.bleepingcomputer.com/forums/t/287710/how-malware-spreads-how-your-system-gets-infected/
https://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
syu888 - 2 years ago
Hello Fellow Crypto Victims,
While I am waiting for a decryption tool for Tesla Crypto 3.0 (crossing my fingers), I just used Shadow Explorer (http://www.shadowexplorer.com/downloads.html) to recover some of the most important files from my laptop. The process was pretty easy and fast but it only worked on my main drive C. I hope this is helpful to some of you and good luck in retrieving your important files.
Bendfella - 2 years ago
Hi Goose, I am from Namibia and have the same problem, the .vvv file virus. I uploaded the file here
https://www.mediafire.com/?d6833jsqnjsqfj1
As I understand, you will decrypt the file and send the key that will work with all files.
Can I then decrypt the other files in Windows 7 64-bit?
bendfellas@gmail.com
romarol - 2 years ago
@Bendfella your key is:
E082BC9AC724417958BF7169F5AA3BB17FD60771E155D6C98512F61F35714141
romarol - 2 years ago
E082BC9AC724417958BF7169F5AA3BB17FD60771E155D6C98512F61F35714141
mmcclay - 2 years ago
@romarol
I have been attacked as well and all of my files now have a .mp3 extension.
I uploaded a file to
http://www.mediafire.com/listen/6xshrdcsqcrqebb/Bus_mileage(1).xlsx.mp3
Can you decrypt the file and send the key that will work with all the files?
Thank you for your help. I will be beyond grateful.
DRC_VietNam - 1 year ago
I decrypted: https://drive.google.com/file/d/0B-tNtO2H-yL0M2hhR2R0a1JXREE/view?usp=sharing
lancha131 - 2 years ago
Can you help me with decrypting .micro files ? Is there any way to decrypt this type of file?
nabilayob - 2 years ago
I face the same problem; can anyone help me to decrypt my files?
__!@#!@#!__!@#!@#!__!@#!@#!__!@#!@#!__!@#!@#!__!@#!@#!__!@#!@#!__!@#!@#!__!@#!@#!__!@#!@#!
NOT YOUR LANGUAGE? USE https://translate.google.com
What happened to your files ?
All of your files were protected by a strong encryption with RSA-4096.
More information about the encryption keys using RSA-4096 can be found here: http://en.wikipedia.org/wiki/RSA_(cryptosystem)
How did this happen ?
!!! Specially for your PC was generated personal RSA-4096 KEY, both public and private.
!!! ALL YOUR FILES were encrypted with the public key, which has been transferred to your computer via the Internet.
Decrypting of your files is only possible with the help of the private key and decrypt program, which is on our secret server.
What do I do ?
So, there are two ways you can choose: wait for a miracle and get your price doubled, or start obtaining BITCOIN NOW! , and restore your data easy way.
If You have really valuable data, you better not waste your time, because there is no other way to get your files, except make a payment.
For more specific instructions, please visit your personal home page, there are a few different addresses pointing to your page below:
1. http://yy4nfsdp4hpfas7hefp4w.gubbosiak.su/48B3ABE79EAD3732
2. http://i4sdmjn4fsdsdqfhu12l.orbyscabz.com/48B3ABE79EAD3732
3. http://ggr7ndjh435nkjewjknrw.malusbast.at/48B3ABE79EAD3732
If for some reasons the addresses are not available, follow these steps:
1. Download and install tor-browser: http://www.torproject.org/projects/torbrowser.html.en
2. After a successful installation, run the browser and wait for initialization
3. Type in the address bar: yez2o5lwqkmlv5lc.onion/48B3ABE79EAD3732
4. Follow the instructions on the site.
!!! IMPORTANT INFORMATION:
!!! Your personal pages:
http://yy4nfsdp4hpfas7hefp4w.gubbosiak.su/48B3ABE79EAD3732
http://i4sdmjn4fsdsdqfhu12l.orbyscabz.com/48B3ABE79EAD3732
http://ggr7ndjh435nkjewjknrw.malusbast.at/48B3ABE79EAD3732
!!! Your personal page Tor-Browser: yez2o5lwqkmlv5lc.onion/48B3ABE79EAD3732
!!! Your personal identification ID: 48B3ABE79EAD3732
romarol - 2 years ago
hello , until now nothing :( I'll update when I'll find something !
Hidir - 2 years ago
Hello. I need your help to find the key for this micro virus file.
Here is the link. Thank you.
http://www.mediafire.com/download/5z72no234v7z557/prima.pptx.micro
DRC_VietNam - 1 year ago
I decrypted: https://drive.google.com/file/d/0B-tNtO2H-yL0SkZTeWR2c0wwbUU/view?usp=sharing
NightbirD - 2 years ago
Thx a lot for the mention, Lawrence, i never expected it, at all! :)
learnerskp - 2 years ago
Dear All!
I am also facing infected, encrypted files with the .mp3 extension on my client's work PC. Please advise me on a decryption solution.
link : https://www.sendspace.com/file/3s7yf1
best regards.
kelotz - 2 years ago
Hi,
I have the same issue, they decrypted all the files and add *.mp3 extension to the files.
I made the following attempts:
Input:
python teslacrack.py --progress C:\\
Output:
2016-03-07 09:25:40,171:INF: Counting dirs...
2016-03-07 09:25:40,177:INF: Counting dirs: 0...
2016-03-07 09:25:41,840:ERR: Permissionerror(13, 'Access is denied'): \\?\E:\System Volume Information
2016-03-07 09:25:41,841:INF: Dir 61 of 61(100.00%)
scanned: 1314
noAccessDirs: 1
teslaExt: 0
badheader: 0
crypted: 0
decrypted: 0
skipped: 0
unknown: 0
failed: 0
overwritten: 0
badExisting: 0
deleted: 0
Input:
msieve152 -v -e 0x346FA15D6F7106A05553587E67AD068EBF0CE65C9ECBA74BAE144661AB502CEFFEBCFA9FBB3CDFD9E4043B3402F970051E55063D96C94AB66B443A0F9D088A23
OutPut:
commencing Lanczos iteration
memory use: 9.8 MB
linear algebra at 64.5%, ETA 0h 0m74716 dimensions (64.5%, ETA 0h 0m)
linear algebra completed 72276 of 74716 dimensions (96.7%, ETA 0h 0m)
lanczos halted after 1181 iterations (dim = 74603)
recovered 18 nontrivial dependencies
p1 factor: 3
p1 factor: 5
p6 factor: 418819
p8 factor: 10304417
prp13 factor: 8162073202471
prp14 factor: 84794311049579
prp19 factor: 3135407003350317697
prp25 factor: 2560807722929541167424011
prp26 factor: 19683723106610479028057093
prp45 factor: 387847886921773814156469727175786645600806381
elapsed time 02:03:42
Input:
python unfactor_ecdsa.py outgoing.xlsx.mp3 3 5 418819 10304417 8162073202471 84794311049579 3135407003350317697 2560807722929541167424011 19683723106610479028057093 387847886921773814156469727175786645600806381
Output:
Reconstruction failed! outgoing.xlsx.mp3 doesn't appear to be TeslaCrypted
I uploaded the outgoing.xlsx.mp3 to:
http://www.rarefile.net/4o0qhb6z8haf/outgoing.xlsx.zip
I hope somebody can help me to sort this out.
Thanks
siner - 2 years ago
hello,
How do you know the TeslaCrypt variant of your infected files?
My files are all locked, but the file extension did not change; they remain the same and every TeslaViewer gives me an error message.
From all that I've searched, the encrypted files all change the extension, giving a hint on the TeslaCrypt variable, but not in my case.
Other tests that I was able to make also suggest that I stopped the encryption process in time not to change the file extensions.
can anyone help?
jg2102 - 2 years ago
I am having the same issue as siner. I was hit this week and none of the file extensions changed.
I could get rid of TeslaCrypt off my system but have not been able to find any fixes for the encrypted files.
HELP :(
Any suggestions out there?
ddinno - 2 years ago
@romarol
http://www.mediafire.com/download/olddghqmqphkqfi/TEMPI_DI_LAVORAZIONE_DEL_23-12-2015_ed.09.xlsx
Can you decrypt the file and send the key that will work with all the files?
Thank you in advance
DRC_VietNam - 1 year ago
I decrypted: https://drive.google.com/file/d/0B-tNtO2H-yL0WkxIaHBNUzJLQ1U/view?usp=sharing
romarol - 2 years ago
@siner @jg2102 what message came up? Do they ask for money? Eventually post a screen capture or upload a file.
vilhavekktesla - 2 years ago
Hi, to all, with Tesla, version 3 or 4
Version 3 may be identified manually by any user on these criteria.
V3: probably .micro, .mp3, .ttt or .xxx, where .mp3 is the most common one at the moment.
V3: adds this to any file like this: testimage.jpg.mp3
V4: probably .mp3 or no extension at all.
V4: testimage.jpg.mp3 or more likely testimage.jpg but it cannot be opened.
There is no cure at the time being. AES256 CBC is used to protect the encrypted keys.
Assuming you have gotten the correct key somehow, you may use tesladecoder
or actually should use TeslaDecoder to decrypt the files (don't use the decrypt.exe you may have received). You may also seek help in the forums mentioned above, and there is one topic for v3 and v4 also. Search BC for more information and keep calm when dealing with this. Make sure you do not make any mistakes when, for instance, trying to recover backed up files etc.
Now a guidance in how to determine the crypto malware you may have received:
Please read the entire page before you submit any files.
https://id-ransomware.malwarehunterteam.com/identify.php
The site is safe and the coder may be found here at BC.
shantobd - 2 years ago
a
behrtec - 2 years ago
Hello. Have a client with a slightly different version of tesla. Can you look at and assist? Attached are a sample encrypted file and the ransom note. If possible, can I get the encryption key also?
https://www.dropbox.com/s/p7t1ld0rr02357d/Manual_669.pdf.crypt?dl=0
https://www.dropbox.com/s/jqa3rnit1muegt1/!Recovery_3B18FF8ED8A0.txt?dl=0
Thanks
Lawrence Abrams - 2 years ago
TeslaCrypt has closed its doors and released the master decrypt key. BloodDolly has already updated his tool so it can now decrypt all files encrypted by TeslaCrypt 3.0 and 4.x. More info here:
https://www.bleepingcomputer.com/news/security/teslacrypt-shuts-down-and-releases-master-decryption-key/
kavehahmadi - 1 year ago
My extension is .ccc and I don't know how to unlock it. Is there a way to unlock it?
naim1988 - 1 year ago
Hello friends, I have all my files with the virus, and now they have the extension .vvv.
Anyone can help, please?