TeslaCrypt Shutdown

The group responsible for TeslaCrypt, currently one of the largest ransomware variants, has recently decided to stop their operations and shut down the ransomware project. In a surprising turn of events, they have handed over information allowing security companies to decrypt all files affected by the malware.

If you were infected with a recent version of TeslaCrypt (v3 or v4) and still have the encrypted files (.xxx, .ttt, .micro, .mp3 extensions), you can now use freely available decryption software to get your files back (examples and instructions in links 1 and 2 below).
If you have been affected by ransomware but are unsure which variant, you can use the ID-ransomware service in link 3.

While this is great news for the victims, ransomware is still a very real threat, with new variants showing up every week. You can find more information about ransomware in our advisory.

External resources

  1. http://support.eset.com/kb6051/
  2. http://www.bleepingcomputer.com/news/security/teslacrypt-shuts-down-and-...
  3. https://id-ransomware.malwarehunterteam.com/