Assets 3

Decryption tool for TeslaCrypt ransomware. For details, please visit http://blogs.cisco.com/talos/teslacrypt

TeslaDecrypt

Version 1.0

An application able to decrypt all the files encrypted by all version of TeslaCrypt and AlphaCrypt:

  • TeslaCrypt 0.x - Encrypts files using an AES-256 CBC algorithm
  • AlphaCrypt 0.x - Encrypts files using AES-256 and encrypts the key with EC
  • TeslaCrypt 2.x - Same as previous versions, but uses EC to create a weak Recovery key. The application is able to use factorization to recover the victim's global private key.
  • TeslaCrypt 3 & 4 - The latest versions. Able to decrypt thanks to the C&C server EC private key which was recently released.
Improvements

This application contains a lot of improvements and modifications in respect to TeslaDecrypter 0.5. Here is a complete list:

  • Re-designed the decryption algorithm (now it properly deals with big files and uses less memory)
  • Added support for the Factorization algorithm (TeslaCrypt 2.x) able to reconstruct the victim's private key (Yes, written in plain C++ :-) and 50 times faster than its Python counterpart)
  • An algorithm able to manage and launch Msieve, and parse its log file
  • Added support for TeslaCrypt 3.x and 4.x
  • Added key verification algorithms (TeslaCrypt 2.x/3/4) - In this way the Decryptor can't produce invalid files
  • A powerful command line arguments
  • Imported leaked TeslaCrypt 3.x/4 C&C private key