TeslaCrypt Ransomware Shuts Down, Releases Master Key

The group responsible for the TeslaCrypt ransomware recently provided ESET researchers with the universal master decryption key for the malware.

Anyone whose files have been encrypted by the ransomware, with the encrypted files having the extensions .xxx, .ttt, .micro., .mp3 or remaining unchanged, can use ESET’s free decrypting tool to unlock all encrypted files.

“We must stress that ransomware remains one of the most dangerous computer threats at this moment, and prevention is essential to keep users safe,” the researchers wrote. “Therefore, they should keep operating systems and software updated, use reliable security solutions with multiple layers of protection, and regularly back up all important and valuable data at an offline location (such as external storage).”

Lastline co-founder and chief architect Dr. Engin Kirda told eSecurity Planet by email that the group’s decision to suspend its operations is surprising, particularly considering how profitable ransomware can be. “We can only speculate about the reasons for their actions,” he said.

Still, Kirda noted that this isn’t the first time a major malware family has ceased operation. “For example, the Storm botnet reduced its operations in 2008, and in 2014, Careto shutdown its command and control servers after it was discovered,” he said. “In any case, although TeslaCrypt is a well-known malware family, the fact that it won’t be active any more will not significantly change the ransomware threat landscape, and ransomware attacks will continue as these attacks are still very profitable.”

According to the results of a recent ESET survey of 3,000 people in the U.S. and Canada, almost one third of respondents had no idea what ransomware was.

And many respondents admitted that they do nothing to protect themselves from ransomware — 31 percent said they never back up their files, and 42 percent didn’t know if the Internet security solution they were using helped protect them from ransomware.

Still, 85 percent of respondents said that if they were infected with ransomware, they would not pay the ransom and would risk losing their files.

A recent eSecurity Planet article examined the threat ransomware presents to the Internet of Things.

Jeff Goldman
Jeff Goldman
Jeff Goldman has been a technology journalist for more than 20 years and an eSecurity Planet contributor since 2009.

Top Products

Related articles