ESET releases new decryptor for TeslaCrypt ransomware

Have you been infected by one of the new variants (v3 or v4) of the notorious ransomware TeslaCrypt? If your encrypted files had the extensions .xxx, .ttt, .micro, .mp3 or were left unchanged, then ESET has good news for you: we have a decryptor for TeslaCrypt.

We have been covering this malware for a few months now, sometimes along with Locky or being spread by Nemucod. Recently, TeslaCrypt’s operators announced that they are wrapping up their malevolent activities:

teslacrypt_closed

On this occasion, one of ESET’s analysts contacted the group anonymously, using the official support channel offered to the ransomware victims by the TeslaCrypt’s operators, and requested the universal master decryption key.

Surprisingly, they made it public.

This allowed ESET to create a free decrypting tool promptly, which is able to unlock files affected by all variants between 3.0.0 and 4.2 of this ransomware. For instructions on how to use the decryptor, please visit the ESET Knowledgebase website.

TeslaCryptDecryptor

We must stress that ransomware remains one of the most dangerous computer threats at this moment, and prevention is essential to keep users safe. Therefore, they should keep operating systems and software updated, use reliable security solutions with multiple layers of protection, and regularly back up all important and valuable data at an offline location (such as external storage).

We also advise all users to be very careful when clicking on links or files in their email or browsers. This is particularly true when messages are received from unknown sources or otherwise look suspicious.

For more information about how to protect yourself against these and other ransomware threats, please check this: 11 things you can do to protect against ransomware.

Author , ESET

  • Badtastic_Voyage

    I ran this against a hard drive full of .ECC files, but the results returned zero files found.

    C:UsersHomeDesktop>ESETTeslaCryptDecryptor.exe F:
    ——————————————————————————————————————————————————————————————————————————————–
    0 infected files found.
    0 file(s) cleaned.
    Cleaning Finished.

    • Tony

      I don’t think it handles .ECC Files. From the article: “If your encrypted files had the extensions .xxx, .ttt, .micro, .mp3 or were left unchanged, then ESET has good news for you: we have a decryptor for TeslaCrypt.”

      • Badtastic

        The link to the ESET KB site contains another link that identifies the infection. “Your ESET product detects the infection Win32/Filecoder.TeslaCrypt.” If you check out the details of that infection on their threat encycolpedia, ESET writes:
        “…An additional “.ecc” extension is appended.”
        I know it doesn’t say in the article, but it does seem to be geared toward .ECC files as well.

    • Cihan Erdem

      i can help you for your ecc files, please write me

      • vprem

        any decryptor for XTBL files?

        • Cihan

          yes please send me 1-2 encrypted files mcerdem82@yahoo.com

          • Francesco

            Hi Cihan can you help me as well to decrypt ninja gaiver can i send you some small files to see if you can help me? Can i mail you?

          • Cihan Erdem

            sure please send me.

          • WELLINGTON SOUSA LIMA

            hi Cihan i mail to you within 3 files infected with xtbl.

          • Cihan Erdem

            hi Francesco, what is the extension of your encrypted files ?

          • Roshan Sharma

            Hey Cihan ny tool for decrypting .xtbl files.

          • Cihan Erdem

            are you sure ?

          • Rob Weeks

            Hi..
            I am hiving this issue at the moment with a johny cryptor@hackermail or something. my files have change to .xtbl is this something i could get some help with please?

      • Francesco

        Hi Ciham i see you are a lot kind helping persons who had problem of ransomware like me, i saw your mail and i send a couple of files as well. My files are all XTBL and seems to be ninja gaiver. Please let me know and thank’s a lot!

        • parixit kakaiya

          i also hacked by him my totally data lost

          parixit from india

          • Cihan Erdem

            what are the extensions of your encrypted files ?

        • Cihan Erdem

          xtbl is not ninja gaiver

      • Roshan Sharma

        Hey guys…files encrypted in .xtbl format.Tried lots of stuff, but not able to decrypt ..any idea ???

      • Pepper

        Hi Cihan I got my files encrypted with “.beta” extension – probably is a four char random extension. There is a decriptor ?
        thanks in advance

      • adrian

        Ive got nemucod Help. email adriansrowe@gmail.com

  • Georgian Adam

    thank you, great job!

  • ImePrezime

    a friend of mine hav crypted files with extension .vvv from 10.12.2015. I try to clean with this decryptor but receive message no virus found?

    • Cihan Erdem

      i can help you for your vvv files, please send me 1-2 encrypted files.

      • thabo frank

        Zepto ransomware hit my files can you help ?

        • Cihan Erdem

          unfo no

  • Liridon Ismajli

    Thanks a lot guys, works well for me. I have recovered all of my encrypted files. Great job !

  • Rohit Patel

    .locky

    0 infected files found.

    0 file(s) cleaned.

    Cleaning Finished.

  • Rohit Patel

    is their any solution from .locky file all filename is change randomly and extension is .locky

    • Sorry. If this is really a Locky attack, I’m not aware of a viable decrypter. There’s a thing called AutoLocky that might be decryptable, but it doesn’t sound as if that’s what you have.

      • Rohit Patel

        SO HOW MUCH TIME IT WILL TAKE FOR THE SOLUATION

        • Myco Sys

          How much are you willing to pay a programmer?
          Or did you think you were owed something?

        • Unfortunately, it simply isn’t possible to provide a decryptor for all ransomware, at any rate not within a reasonable timeframe. The universal decryptor is a Hollywood invention, I’m afraid, not a practical solution to ransomware. At any rate with our present technology. (Sorry I haven’t responded before – I’ve only just seen your question.)

  • Viktar

    Anyone can help with decrypting of *.xtbl files?
    Tried all the tools but the txt file with code was lost:(

  • Ederson

    Boa noite, alguém ja conseguiu recuperar arquivos xtbl?

  • Gerardo Estrada

    Hy guys:
    Do I have to buy a licence to use the tool? or ca I used it by free?

  • Nick

    please, any decryptor for “.enc” files?

  • Kangwa Yung Ålädîñ

    help >> .a625

  • Bobi Krustev

    need decryptor for XTBL files?

  • yatzek01

    OMG it works with micro files, after a year of injection. Tkank you guys so much!!!!

  • Ann nicole Saiking

    hi can you help decrypting the file ext. .sman? hoping your feedback please e-mail me thanks in advance. my e-mail nicolesaiking@gmail.com

  • dhongki

    does not work with .ccc extensions?

  • Josue123

    there will be some solution for .crypt?

Follow us

Copyright © 2018 ESET, All Rights Reserved.