-2

I would like to know how to decipher a Windows 7 system that has been infected with a variant of Teslacrypt that:

  • Encrypts a bunch of files and adds an "mp3" extension to them
  • Creates new files in many directories (PNG, HTML, TXT, WORD...) called recover+[random string] containing steps on how to pay the ransom
  • Adds those same files to the Startup menu folder "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup" so that the steps to pay the ransom appear at startup

I've already tried Tesladecoder, but it turns out it didn't find the key. I'm hesitant on using teslacracker since the RSA key is 4096 length and that would take a lot of time to crack even for a 4GB RAM i5 CPU laptop.

So, any help is appreciated. Thanks

PS: I don't have any system backups.

Synchro
  • 19
  • 1
  • 3

  • "I'm hesitant on using teslacracker since the RSA key is 4096 length and that would take a lot of time to crack even for a 4GB RAM i5 CPU laptop." Basically that would be a waste of (CPU) power even on a top of the line machine - which you could probably use after transferring the disk. You'd never find the private key, ever. Then again, RSA is not 100% secure against quantum computing, so... maybe in 20 years. – Maarten Bodewes Feb 27 '16 at 13:26
  • Two options: pay or lose data. – Neil Smithline Feb 27 '16 at 16:32
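
The indicators listed in the question (an added "mp3" extension, recover+[random string] notes, copies in the Startup folder) can be inventoried before trying any decryption tool. The following is an added example, not part of the original post; the note-name pattern, the MP3 header heuristic and the sample files are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Note naming from the question: "recover+[random string]" as PNG/HTML/TXT.
# The random part's character set is an assumption.
NOTE_RE = re.compile(r"^recover\+[a-z0-9]+\.(png|html?|txt)$", re.IGNORECASE)

def looks_like_mp3(head: bytes) -> bool:
    """Heuristic: ID3v2 tag or MPEG audio frame sync (11 set bits) at offset 0."""
    if head[:3] == b"ID3":
        return True
    return len(head) >= 2 and head[0] == 0xFF and (head[1] & 0xE0) == 0xE0

def triage(root: str) -> dict:
    """Walk root; list ransom notes and .mp3 files that are not MP3 audio."""
    report = {"notes": [], "suspect_mp3": [], "genuine_mp3": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            if NOTE_RE.match(name):
                report["notes"].append(path)
            elif name.lower().endswith(".mp3"):
                try:
                    with open(path, "rb") as fh:
                        head = fh.read(4)
                except OSError:
                    continue  # unreadable file: skip it, keep scanning
                key = "genuine_mp3" if looks_like_mp3(head) else "suspect_mp3"
                report[key].append(path)
    return report

def build_sample_tree(root: str) -> None:
    """Constructed sample files standing in for an affected user profile."""
    os.makedirs(os.path.join(root, "Startup"))
    samples = [
        ("report.docx.mp3", b"\x8a\x01\x02\x03"),  # constructed: not audio data
        ("song.mp3", b"ID3\x03"),                   # constructed: ID3v2 header
        ("recover+abcde.txt", b"note"),
        (os.path.join("Startup", "recover+abcde.html"), b"<html>"),
        ("notes.txt", b"unrelated"),
    ]
    for rel, data in samples:
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for kind, paths in triage(tmp).items():
            print(f"{kind}: {len(paths)}")
```

Run it read-only against a copy or image of the disk; the header check is a heuristic and can misclassify MP3 files that begin with other data.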

1 Answer

-1

I've found a link that mentions several decryption programs for TeslaCrypt. I've never been infected, so I can't validate either of these, but they are being discussed on a TeslaCrypt deciphering discussion page! http://www.bleepingcomputer.com/news/security/teslacrypt-decrypted-flaw-in-teslacrypt-allows-victims-to-recover-their-files/

Robin
  • 59
  • 5