Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Register a free account to unlock additional features at BleepingComputer.com

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News: Ethereum mailing list breach exposes 35,000 to crypto draining attack

Featured Deal: Upgrade your iPad with an Apple Magic Keyboard Folio for under $90

Latest Buyer's Guide: Best web browsers with built in VPN: Boost online privacy

TeslaCrypt ransomware changes its name to Alpha Crypt

Started by Grinler , Apr 30 2015 04:46 PM

Prev

Page 3 of 7
1
2
3
4
5

Next
»

Please log in to reply

96 replies to this topic

#31 Grinler

Lawrence Abrams

Topic Starter

Admin
45,113 posts
OFFLINE

Gender:Male
Location:USA
Local time:09:21 AM

Posted 05 May 2015 - 02:57 PM

A guide on Alpha Crypt and TeslaCrypt is now available:

TeslaCrypt and Alpha Crypt Ransomware Information Guide and FAQ

This guide contains all known information about these ransomware.

Lawrence Abrams

Join our Official Discord Chat Server!

Follow us on Twitter!
Follow us on Facebook

Back to top"> Back to top

BC AdBot (Login to Remove)

BleepingComputer.com
Register to remove ads

#32 TKuja

Members
3 posts
OFFLINE

Posted 11 May 2015 - 08:51 AM

Read in the previous guide that no decrypter exists but is there any news on this? Is someone looking into it? Any progress? I recently got infected, wipe virus but it deleted all shadow copies and system restore files so decrypter is only hope I have to regain lost files..

Back to top"> Back to top

#33 Aura

Bleepin' Special Ops

Malware Response Team
19,709 posts
OFFLINE

Gender:Male
Local time:09:21 AM

Posted 11 May 2015 - 09:58 AM

The CISCO's Talos Group created a decrypter for TeslaCrypt, but it doensn't always work. However, it's really worth a try. You can read more about it in the thread below.

Cisco's Talos Group releases decryptor for TeslaCrypt

Back to top"> Back to top

#34 Tstroke

Members
37 posts
OFFLINE

Local time:06:21 AM

Posted 11 May 2015 - 10:15 AM

Hello Aura
Any word of progress on the Alpha Crypt variant?
I was encrypted on the 4th and have elected to wait for some help rather than pay the thieves. All the info from Grinler's post was very good.
Thanks

Back to top"> Back to top

#35 Aura

Bleepin' Special Ops

Malware Response Team
19,709 posts
OFFLINE

Gender:Male
Local time:09:21 AM

Posted 11 May 2015 - 10:36 AM

Hi Tstroke

Personally, I'm not aware of any progress on Alpha Crypt, but Grinler might know more than me. As soon as a solution is found for a Cryptoware, Grinler usually ask the users that are infected with it to send him a PM, or will post a thread with the decrypter and explanations. So I would back-up your encrypted data on another storage media for now and wait.

Back to top"> Back to top

#36 Grinler

Lawrence Abrams

Topic Starter

Admin
45,113 posts
OFFLINE

Gender:Male
Location:USA
Local time:09:21 AM

Posted 11 May 2015 - 11:33 AM

Nothing yet on Alpha crypt and they just came out with a noname version that uses EXX extensions

Lawrence Abrams

Join our Official Discord Chat Server!

Follow us on Twitter!
Follow us on Facebook

Back to top"> Back to top

#37 cyjh

Members
7 posts
OFFLINE

Local time:09:21 PM

Posted 12 May 2015 - 03:22 AM

so after the pc is infected with Alphacrypt, do we remove the it first or wait for the decrypt?

Back to top"> Back to top

#38 bc2946088

Members
8 posts
OFFLINE

Local time:09:21 AM

Posted 12 May 2015 - 07:49 PM

so after the pc is infected with Alphacrypt, do we remove the it first or wait for the decrypt?

I grabbed all of the files (.ezz in my case) and the key.DAT file, put them on a clean flash drive and simply unplugged the network from the computer and shut it down. It will stay that way until a decrypter release or 30 days or so without one.

Back to top"> Back to top

#39 Aura

Bleepin' Special Ops

Malware Response Team
19,709 posts
OFFLINE

Gender:Male
Local time:09:21 AM

Posted 12 May 2015 - 07:54 PM

Usually, the best thing to do would be to back up all your encrypted files, the key.dat file, RECOVERY_FILE.TXT, etc. on another storage media, then clean the main infection (despite the fact that it should be gone when done encrypting, but there's remnants) and then wait until a solution is found to decrypt your files.

Back to top"> Back to top

#40 cyjh

Members
7 posts
OFFLINE

Local time:09:21 PM

Posted 13 May 2015 - 05:28 AM

Usually, the best thing to do would be to back up all your encrypted files, the key.dat file, RECOVERY_FILE.TXT, etc. on another storage media, then clean the main infection (despite the fact that it should be gone when done encrypting, but there's remnants) and then wait until a solution is found to decrypt your files.

cant even find the key.dat file.

anyone can share how to find this file?

thanks

Edited by cyjh, 13 May 2015 - 05:28 AM.

Back to top"> Back to top

#41 Aura

Bleepin' Special Ops

Malware Response Team
19,709 posts
OFFLINE

Gender:Male
Local time:09:21 AM

Posted 13 May 2015 - 06:56 AM

The first post contains the file location of important files for Alpha Crypt.

Your key.dat file should be in %AppData%. You might have to go in the Folder Options, and enable Show hidden files, folders and drives and uncheck Hide protected operating system files (recommended) in order to see it.