Decrypt .xxx, .ttt, .micro, .mp3 Files for Free

TeslaCrypt has been one of the most virulent ransomware infections in the last fifteen months. It has been the scourge of small and medium-sized businesses as well as private users (and security companies). Since its release last February, it has been updated half-a-dozen times and re-released. The security industry has recently observed what looks like a scaling back of activity, with a new ransomware (CryptXXX) being distributed by former TeslaCrypt networks.

An ESET analyst contacted the TeslaCrypt payment/customer support site and asked if the developers would release the master key, if they were taking this ransomware off the market. Much to his astonishment, they said that they would. And did. On the now non-functional page where desperate victims once went to pay, the developers posted the master key and the message, ‘we are sorry!’

A researcher (known as BloodDolly) has followed the malware and cracked decryption right up to the present version (4.0). Now with the key, the researcher has put together a comprehensive decryption program that should deal with any TeslaCrypt-encrypted files.

So if users have any files encrypted by TeslaCrypt with the extensions .ecc, .ezz, .exx, .wyz, .zzz, .aaa, .abc, .ccc, .vvv, .ttt, .xxx, .micro, .mp3 (or the latest by v4.0 with no extension), all these files are now decipherable using the TeslaDecoder.

How to decrypt .ecc, .ezz, .exx, .wyz, .zzz, .aaa, .abc, .ccc, .vvv, .ttt, .xxx, .micro, .mp3 files?

First download TeslaDecoder to the desktop. Double-click to extract the file and it will launch. On the user interface go through the options to select which extension the encryption left (or ‘as original’ for no extension). Next click Set Key which will present the main menu.


Now that the required key is set, there is an option to decrypt a specific folder or to scan the whole drive: select Decrypt folder for a single folder, or Decrypt all for the drive. If Decrypt all is chosen, the Decoder will ask whether to overwrite the encrypted versions. For extra insurance, do not choose this option, in case some other process interferes with the decoder while it is running. Instead, delete the encrypted folders after the decryption process has finished and is verified as successful (the encrypted versions will now have the extension .TeslaBackup). On completion, the decoder will summarize the decrypted files.
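To support the "verify before deleting" step above, the following added example (not part of TeslaDecoder or of the original article) inventories a folder tree before and after decryption. It assumes TeslaCrypt appended its extension to the original file name and that a backup is named either name.ext.TeslaBackup or name.ext.<teslacrypt-ext>.TeslaBackup; the function and bucket names are hypothetical.

```python
import os
from pathlib import Path

# Extensions listed in the article. v4.0 keeps the original name, so it cannot be found this way.
TESLA_EXTS = {".ecc", ".ezz", ".exx", ".wyz", ".zzz", ".aaa", ".abc", ".ccc",
              ".vvv", ".ttt", ".xxx", ".micro", ".mp3"}
BACKUP_EXT = ".teslabackup"  # compared case-insensitively

def decrypted_candidates(backup):
    """Possible names of the decrypted file for a .TeslaBackup file (assumed naming)."""
    once = backup.with_suffix("")              # drop .TeslaBackup
    out = [once]
    if once.suffix.lower() in TESLA_EXTS:      # drop the ransomware extension as well
        out.append(once.with_suffix(""))
    return out

def classify(root):
    """Sort files under root into four buckets of relative paths."""
    root = Path(root)
    report = {"encrypted": [], "ambiguous": [], "backup_ok": [], "backup_keep": []}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = Path(dirpath) / name
            rel = path.relative_to(root).as_posix()
            ext = path.suffix.lower()
            if ext == BACKUP_EXT:
                # A backup may go only if a non-empty decrypted file sits beside it.
                ok = any(c.is_file() and c.stat().st_size > 0
                         for c in decrypted_candidates(path))
                report["backup_ok" if ok else "backup_keep"].append(rel)
            elif ext in TESLA_EXTS:
                # report.docx.micro has an inner extension and is a likely victim file;
                # song.mp3 has none and may be a genuine file, so it is only flagged.
                inner = Path(path.stem).suffix
                report["encrypted" if inner else "ambiguous"].append(rel)
    return {k: sorted(v) for k, v in report.items()}

if __name__ == "__main__":
    import sys
    for bucket, files in classify(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(f"{bucket}: {len(files)}")
        for f in files:
            print("   ", f)
```

A backup_ok result only means a non-empty decrypted file exists next to the backup; open a sample of the decrypted files before deleting any .TeslaBackup copies.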

We should take our white/grey hats off to BloodDolly – he has fought a good fight against TeslaCrypt’s developers. The burning question is: this ransomware made tens-of-thousands of dollars in its year-long campaign; the latest version had not been cracked. Why did the hackers concede? It is recommended that any system that has been infected is scanned thoroughly with good software after decryption and the clean-up is complete.
