Cisco's Talos Group releases decryptor for TeslaCrypt

Green "Success" on two drives.

 

many files still have a .ezz added. I guess these are not decrypted.

 

not sure, could have been twice. the hard drive was working hard for some time before I realized what was going on. What do you mean, update all the programs? Many things won't run at all. I can't get malwarebytes or roguekiller to run, for example.

While searching key.dat I found a

Crystal_Keychains-medium[1].dat

file created on april 27 which is the day I believe I was infected. do you perhaps recognize that keyfile for another encryption program?

Same problem on my moms computer Grin. I have the recovery_kiy file buy no key.dat. Any way to get this file back without reinjecting telsa?

any news for ezz files??

Added an update to the first post:

Update 4/28/15: If TeslaDecrypt cannot find a key.dat file, search your hard drive and if the file can be found move it to the same folder as TeslaDecrypt and try again.

Hi everyone;

I found the file, now how I can move it  TeslaDecrypt  folder

Hello to You all,

in my versions of TeslaCrypt the master key was stripped from the key.dat file and so the current Cisco tool was not be able to help me decrypting my data.

I was able though to rescue some files before they were encrypted, by copying them on a external hard-drive. Thus i have two Versions of them now: One not and one encrypted. Would it be helpful to the specialists here in the blog or for those at Cisco, if i would share These files with them ? 

Sorry if this  question might sound silly to You, but i am not an IT-specialist at all...

Thank You in advance ........and Thank You for all the work You alreaddy have done, to help the victims of this ransom-Software !

You can try my TeslaDecoder. It works only when decryption key is still present in data file (key.dat, storage.bin) or windows registry entries. Supported extensions are .ecc, .ezz, .exx

http://www.dropbox.com/s/abcziurxly2380e/TeslaDecoder.zip?dl=0

I hope it will help to someone. :-)

Hi this is a very interesting topic. My wife's computer was infected with this virus on Wednesday, all jpgs now have the extension jpg.exx and there is the ransom note. I can not find a key.dat file. We have reinstalled windows 7 but still have the old version plus encrypted files in the windows.old folder. Should I watch this topic and hope someone might crack this one day? Thanks.

Hy,

I am one of the "lucky" people infected by criptolocker. Me files has been modifed in exx type of file extension, can I try some tools in order to uncript the corupted files? 

Hy,
 
I am one of the "lucky" people infected by criptolocker. Me files has been modifed in exx type of file extension, can I try some tools in order to uncript the corupted files?

See here: TeslaDecoder released to decrypt .EXX, .EZZ, .ECC files encrypted by TeslaCrypt 
 
xXToffeeXx~