variant .xxx #13

Closed
malekalmorte75 opened this issue Jan 13, 2016 · 16 comments

@malekalmorte75

Hello,

There is a new variant of TeslaCrack.
Here are two pdf.xxx files if you want to update TeslaCrack, if it is still possible to decrypt files: http://pjjoint.malekal.com/files.php?id=20160113_c11r11e7i15h6

Thanks !

Best Regards

@Googulator
Owner

Hi,
This version is no longer vulnerable to a simple factorization attack. I'm still analyzing it in case there is a new vulnerability.

@JonnyTech

@Googulator, can anyone here do anything to help?

@mariosangiorgio

I'd be happy to help too

@juanpark

Yep, hearing reports on .xxx, .ttt, .micro on the Korean front also.

@annadn

annadn commented Jan 19, 2016

What about .zzz version? Does it work for it?

@Demonslay335

@annadn .zzz is one of the "older" variants, this script will still work for it. It will currently only not work for .xxx, .ttt, and .micro.

@annadn

annadn commented Jan 20, 2016

@Demonslay335 Thank you so much for the answer. Hope all of us will get our precious files back!

@fedeq4

fedeq4 commented Jan 21, 2016

I had been attacked with the .vvv variant a couple of weeks ago... today my neighbour was too, with .micro

(Argentina)

I had already taken precautions, making a backup on a hard disk... my neighbour wasn't so lucky..

Is it possible to know what program they are exploiting? Adobe?

@Demonslay335

@fedeq4 Typically it is a spam email with a bad attachment or link to a malicious site that runs an exploit kit. Exploit kits attack multiple things at once; it's like a shotgun attack against the browser, Flash, Shockwave, and any possible plugins it can detect. The email is directly an executable that is run to start the infection.

@willyset

Excuse me, my name is Willy, I want to ask my fitting contact with
ransomware .CCC, I boot my computer safe and virus scan I use Malwarebytes
and SpyHunter then fitting already completed my return to normal, then why
file could partially lost my own?

2016-01-21 11:18 GMT-08:00 Michael Gillespie notifications@github.com:

@fedeq4 https://github.com/fedeq4 Typically it is a spam email with a
bad attachment or link to a malicious site that runs an exploit kit. Exploit
kits attack multiple things at once; it's like a shotgun attack against the
browser, Flash, Shockwave, and any possible plugins it can detect. The
email is directly an executable that is run to start the infection.


@Demonslay335

@willyset Do you need help with decrypting your .ccc files? If you have trouble with the instructions in the readme, you may post a link to a sample encrypted file and I can help you.

@willyset

I've managed to partially decrypt my files, but I lost files due to this
virus is able to return?

I am confused how to restore my files were gone after I hit it and my virus
scan with SpyHunter and Malwarebytes, and most of my lost files including
photos of my family, anyone have a solution for this?

if file encryption stay a little longer finish.

2016-01-24 7:29 GMT-08:00 Michael Gillespie notifications@github.com:

@willyset https://github.com/willyset Do you need help with decrypting
your .ccc files? If you have trouble with the instructions in the readme,
you may post a link to a sample encrypted file and I can help you.


@Demonslay335

@willyset The virus and those tools do not delete any personal data. The virus encrypts all files, but you should be able to decrypt them if you were able to get the proper key. Did TeslaCrack skip files? You may have only decrypted one of the PrivateKeyFiles, of which there can be many if the computer was rebooted during the infection. If you send me a sample file, I can get you the "master" key that should decrypt all of your files.

@willyset

ohh then why with my files, why be lost, confused,,
I've sent examples of his files in a previous email,
I try decryption but the results are nothing like this:

SKIPPED - Unable to open file:
C:$RECYCLE.BIN\image-1-0a1964e9c3a7309e8e261148f8f55b40[1].jpg.ccc
SKIPPED - Unknown or invalid format:
C:$RECYCLE.BIN\S-1-5-21-3189633932-2190147932-924816905-1001$I1RFQYJ.ccc
SKIPPED - Unknown or invalid format:
C:$RECYCLE.BIN\S-1-5-21-3189633932-2190147932-924816905-1001$I9K3DZS.ccc
SKIPPED - Unknown or invalid format:
C:$RECYCLE.BIN\S-1-5-21-3189633932-2190147932-924816905-1001$IC25BCJ.ccc
SKIPPED - Unknown or invalid format:
C:$RECYCLE.BIN\S-1-5-21-3189633932-2190147932-924816905-1001$ID574WB.ccc
SKIPPED - Unknown or invalid format:
C:$RECYCLE.BIN\S-1-5-21-3189633932-2190147932-924816905-1001$IG1KHMQ.ccc
SKIPPED - Unknown or invalid format:
C:$RECYCLE.BIN\S-1-5-21-3189633932-2190147932-924816905-1001$IGQLZ30.ccc
SKIPPED - Unknown or invalid format:
C:$RECYCLE.BIN\S-1-5-21-3189633932-2190147932-924816905-1001$II94ZJL.ccc
SKIPPED - Unknown or invalid format:
C:$RECYCLE.BIN\S-1-5-21-3189633932-2190147932-924816905-1001$IK6X6PP.ccc
SKIPPED - Unknown or invalid format:
C:$RECYCLE.BIN\S-1-5-21-3189633932-2190147932-924816905-1001$IRF0T25.ccc
SKIPPED - Unknown or invalid format:
C:$RECYCLE.BIN\S-1-5-21-3189633932-2190147932-924816905-1001$IRUR369.ccc
SKIPPED - Unknown or invalid format:
C:$RECYCLE.BIN\S-1-5-21-3189633932-2190147932-924816905-1001$IWC511J.ccc
SKIPPED - Unknown or invalid format:
C:$RECYCLE.BIN\S-1-5-21-3189633932-2190147932-924816905-1001$IX03A06.ccc
SKIPPED - Unknown or invalid format:
C:$RECYCLE.BIN\S-1-5-21-3189633932-2190147932-924816905-1001$IZFYTLH.ccc
SKIPPED - Unknown or invalid format:
C:$RECYCLE.BIN\S-1-5-21-3189633932-2190147932-924816905-1001$R1RFQYJ.ccc
SKIPPED - Unknown or invalid format:
C:$RECYCLE.BIN\S-1-5-21-3189633932-2190147932-924816905-1001$R9K3DZS.ccc
SKIPPED - Unknown or invalid format:
C:$RECYCLE.BIN\S-1-5-21-3189633932-2190147932-924816905-1001$RC25BCJ.ccc
SKIPPED - Unknown or invalid format:
C:$RECYCLE.BIN\S-1-5-21-3189633932-2190147932-924816905-1001$RD574WB.ccc
SKIPPED - Unknown or invalid format:
C:$RECYCLE.BIN\S-1-5-21-3189633932-2190147932-924816905-1001$RG1KHMQ.ccc
SKIPPED - Unknown or invalid format:
C:$RECYCLE.BIN\S-1-5-21-3189633932-2190147932-924816905-1001$RGQLZ30.ccc
SKIPPED - Unknown or invalid format:
C:$RECYCLE.BIN\S-1-5-21-3189633932-2190147932-924816905-1001$RI94ZJL.ccc
SKIPPED - Unknown or invalid format:
C:$RECYCLE.BIN\S-1-5-21-3189633932-2190147932-924816905-1001$RK6X6PP.ccc
SKIPPED - Unknown or invalid format:
C:$RECYCLE.BIN\S-1-5-21-3189633932-2190147932-924816905-1001$RRF0T25.ccc
SKIPPED - Unknown or invalid format:
C:$RECYCLE.BIN\S-1-5-21-3189633932-2190147932-924816905-1001$RRUR369.ccc
SKIPPED - Unknown or invalid format:
C:$RECYCLE.BIN\S-1-5-21-3189633932-2190147932-924816905-1001$RWC511J.ccc
SKIPPED - Unknown or invalid format:
C:$RECYCLE.BIN\S-1-5-21-3189633932-2190147932-924816905-1001$RX03A06.ccc
SKIPPED - Header doesn't match with loaded key (Encrypted with different
key):
C:$RECYCLE.BIN\S-1-5-21-3189633932-2190147932-924816905-1001$RZFYTLH.ccc
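
To triage a skip log like the one pasted above, the following added example (not part of TeslaCrack and not written by anyone in this thread) groups skipped files by reason and lists the ones reported as encrypted with a different key, which is the multiple-key case described earlier in the thread. It assumes the "SKIPPED - reason:" followed by path layout shown in this thread, including entries wrapped across lines; the sample paths and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the wrapped layout seen in this thread (paths are made up).
SAMPLE_LOG = """\
SKIPPED - Unable to open file:
C:\\Users\\demo\\Pictures\\photo1.jpg.ccc
SKIPPED - Unknown or invalid format:
C:\\Users\\demo\\Documents\\notes.txt.ccc
SKIPPED - Header doesn't match with loaded key (Encrypted with different
key):
C:\\Users\\demo\\Pictures\\photo2.jpg.ccc
SKIPPED - Unknown or invalid format:
C:\\Users\\demo\\Documents\\report.doc.ccc
"""

# The reason may wrap over lines; the path starts at a drive letter after the colon.
ENTRY = re.compile(r"SKIPPED - (?P<reason>.+?):\s+(?P<path>[A-Za-z]:[^\r\n]*)", re.S)


def parse_skips(log_text):
    """Return {reason: [paths]} for every SKIPPED entry in the log text."""
    groups = defaultdict(list)
    # Split at each entry marker so a malformed entry cannot swallow the next one.
    for chunk in re.split(r"(?=^SKIPPED - )", log_text, flags=re.M):
        match = ENTRY.search(chunk)
        if match is None:
            continue  # blank chunk or an entry with no recognisable path
        reason = " ".join(match.group("reason").split())  # undo line wrapping
        groups[reason].append(match.group("path").strip())
    return dict(groups)


def needs_other_key(groups):
    """Paths the tool could read but whose header did not match the loaded key."""
    return [path for reason, paths in groups.items()
            if "different key" in reason.lower() for path in paths]


if __name__ == "__main__":
    result = parse_skips(SAMPLE_LOG)
    for reason, paths in result.items():
        print(f"{len(paths):3d}  {reason}")
    print("Need another key:", needs_other_key(result))
```
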

@Demonslay335

I don't see any links to sample files. If you are replying by email to GitHub, it doesn't accept attachments I don't think. You may email me a sample to demonslay335@gmail.

@Googulator
Owner

Closing dead support ticket.
