TeslaCrypt’s master key has been released to the public, shutting down the ransomware for good in an unexpected twist in the malware’s story.
TeslaCrypt, which often targets gamers, lands on systems through malicious downloads, web domains that load exploit kits, and phishing campaigns. As ransomware, TeslaCrypt infects systems and encrypts user files, displaying a landing page and removing access to the PC until a ransom is paid, usually in the virtual currency Bitcoin.
What made TeslaCrypt a particularly severe case is that the developers behind the malware were very active, and researchers found it difficult to crack the software before new, even more sophisticated versions were released into the wild.
After posing as a victim of the ransomware, an ESET researcher used the support chat system on the payment website to ask if they would consider releasing the master TeslaCrypt decryption key.
While you might expect the cybercriminals to laugh at such an idea, they did not: instead, they agreed and posted the key on the website for all to use, closing the payment system on the website in the process.
As reported by Bleeping Computer, a TeslaCrypt expert has been able to use the master key to update the TeslaDecoder decryption software to unlock all versions of the ransomware, covering encrypted files with the .xxx, .ttt, .micro or .mp3 extensions as well as files left without an extension, without giving in to the malware’s demands for payment.
The shutdown of TeslaCrypt is utterly unexpected and excellent news for both victims of the ransomware and security researchers who are constantly embroiled in a fight to crack ransomware variants as soon as they appear.
In some cases, such as CryptXXX, security experts are burrowing into the code to find loopholes which can be exploited in order to extract decryption keys and create software victims can use to unlock their systems.
However, it is a constant game of cat-and-mouse as active cybercriminals release new versions of the ransomware almost as soon as weaknesses have been discovered and used to break the malware’s encryption.
Even so, the removal of one ransomware family is still one less that cybersecurity experts have to deal with.
The effects of the ransomware have been severe enough for the US and Canada to issue a joint statement warning both consumers and businesses of the malware’s existence and suggesting possible ways to recover files without giving in to the demand for payment.
In a brief post documenting the rise of ransomware, Microsoft says that most incidents involving this particular breed of malware have been recorded in the US, Italy and Canada, followed by the UK and Spain.