Googulator / TeslaCrack

Decryptor for the TeslaCrypt malware
GNU General Public License v3.0

variant .xxx #13

Closed malekalmorte75 closed 8 years ago

malekalmorte75 commented 8 years ago

Hello,

There is a new variant of TeslaCrack. Here are two pdf.xxx if you want to update TeslaCrack, if it is still possible to decrypt files: http://pjjoint.malekal.com/files.php?id=20160113_c11r11e7i15h6

Thanks !

Best Regards

Googulator commented 8 years ago

Hi, this version is no longer vulnerable to a simple factorization attack. I'm still analyzing it in case there is a new vulnerability.

JonnyTech commented 8 years ago

@Googulator, can anyone here do anything to help?

mariosangiorgio commented 8 years ago

I'd be happy to help too

juanpark commented 8 years ago

Yep, hearing reports on .xxx, .ttt, .micro on the Korean front also.

annadn commented 8 years ago

What about .zzz version? Does it work for it?

Demonslay335 commented 8 years ago

@annadn .zzz is one of the "older" variants, this script will still work for it. It will currently only not work for .xxx, .ttt, and .micro.

annadn commented 8 years ago

@Demonslay335 Thank you so much for the answer. Hope all of us will get our precious files back!

fedeq4 commented 8 years ago

I had been attacked with the .vvv variant a couple of weeks ago... today my neighbour was too, with .micro

(Argentina)

I've already taken precautions by making a backup on a hard disk... my neighbour wasn't so lucky..

Is it possible to know what program they are exploiting? Adobe?

Demonslay335 commented 8 years ago

@fedeq4 Typically it is a spam email with a bad attachment or link to a malicious site that runs an exploit kit. Exploit kits attack multiple things at once; it's like a shotgun attack against the browser, Flash, Shockwave, and any possible plugins it can detect. The email is directly an executable that is run to start the infection.

willyset commented 8 years ago

Excuse me, my name is Willy. I want to ask: my fitting came in contact with the ransomware .CCC. I booted my computer in safe mode and did a virus scan using Malwarebytes and SpyHunter, then my fitting returned to normal, so why are my own files partially lost?

Demonslay335 commented 8 years ago

@willyset Do you need help with decrypting your .ccc files? If you have trouble with the instructions in the readme, you may post a link to a sample encrypted file and I can help you.

willyset commented 8 years ago

I've managed to partially decrypt my files, but can the files I lost due to this virus be returned?

I am confused about how to restore my files that were gone after I hit it and ran my virus scan with SpyHunter and Malwarebytes, and most of my lost files include photos of my family. Does anyone have a solution for this?

if file encryption stay a little longer finish.

Demonslay335 commented 8 years ago

@willyset The virus and those tools do not delete any personal data. The virus encrypts all files, but you should be able to decrypt them if you were able to get the proper key. Did TeslaCrack skip files? You may have only decrypted one of the PrivateKeyFiles, which there can be many if the computer was rebooted during the infection. If you send me a sample file, I can get you the "master" key that should decrypt all of your files.

willyset commented 8 years ago

Ohh, then why are my files lost? Confused. I've sent examples of the files in a previous email. I tried decryption but the results are nothing, like this:

SKIPPED - Unable to open file: C:\$RECYCLE.BIN\image-1-0a1964e9c3a7309e8e261148f8f55b40[1].jpg.ccc
SKIPPED - Unknown or invalid format: C:\$RECYCLE.BIN\S-1-5-21-3189633932-2190147932-924816905-1001\$I1RFQYJ.ccc
SKIPPED - Unknown or invalid format: C:\$RECYCLE.BIN\S-1-5-21-3189633932-2190147932-924816905-1001\$I9K3DZS.ccc
SKIPPED - Unknown or invalid format: C:\$RECYCLE.BIN\S-1-5-21-3189633932-2190147932-924816905-1001\$IC25BCJ.ccc
SKIPPED - Unknown or invalid format: C:\$RECYCLE.BIN\S-1-5-21-3189633932-2190147932-924816905-1001\$ID574WB.ccc
SKIPPED - Unknown or invalid format: C:\$RECYCLE.BIN\S-1-5-21-3189633932-2190147932-924816905-1001\$IG1KHMQ.ccc
SKIPPED - Unknown or invalid format: C:\$RECYCLE.BIN\S-1-5-21-3189633932-2190147932-924816905-1001\$IGQLZ30.ccc
SKIPPED - Unknown or invalid format: C:\$RECYCLE.BIN\S-1-5-21-3189633932-2190147932-924816905-1001\$II94ZJL.ccc
SKIPPED - Unknown or invalid format: C:\$RECYCLE.BIN\S-1-5-21-3189633932-2190147932-924816905-1001\$IK6X6PP.ccc
SKIPPED - Unknown or invalid format: C:\$RECYCLE.BIN\S-1-5-21-3189633932-2190147932-924816905-1001\$IRF0T25.ccc
SKIPPED - Unknown or invalid format: C:\$RECYCLE.BIN\S-1-5-21-3189633932-2190147932-924816905-1001\$IRUR369.ccc
SKIPPED - Unknown or invalid format: C:\$RECYCLE.BIN\S-1-5-21-3189633932-2190147932-924816905-1001\$IWC511J.ccc
SKIPPED - Unknown or invalid format: C:\$RECYCLE.BIN\S-1-5-21-3189633932-2190147932-924816905-1001\$IX03A06.ccc
SKIPPED - Unknown or invalid format: C:\$RECYCLE.BIN\S-1-5-21-3189633932-2190147932-924816905-1001\$IZFYTLH.ccc
SKIPPED - Unknown or invalid format: C:\$RECYCLE.BIN\S-1-5-21-3189633932-2190147932-924816905-1001\$R1RFQYJ.ccc
SKIPPED - Unknown or invalid format: C:\$RECYCLE.BIN\S-1-5-21-3189633932-2190147932-924816905-1001\$R9K3DZS.ccc
SKIPPED - Unknown or invalid format: C:\$RECYCLE.BIN\S-1-5-21-3189633932-2190147932-924816905-1001\$RC25BCJ.ccc
SKIPPED - Unknown or invalid format: C:\$RECYCLE.BIN\S-1-5-21-3189633932-2190147932-924816905-1001\$RD574WB.ccc
SKIPPED - Unknown or invalid format: C:\$RECYCLE.BIN\S-1-5-21-3189633932-2190147932-924816905-1001\$RG1KHMQ.ccc
SKIPPED - Unknown or invalid format: C:\$RECYCLE.BIN\S-1-5-21-3189633932-2190147932-924816905-1001\$RGQLZ30.ccc
SKIPPED - Unknown or invalid format: C:\$RECYCLE.BIN\S-1-5-21-3189633932-2190147932-924816905-1001\$RI94ZJL.ccc
SKIPPED - Unknown or invalid format: C:\$RECYCLE.BIN\S-1-5-21-3189633932-2190147932-924816905-1001\$RK6X6PP.ccc
SKIPPED - Unknown or invalid format: C:\$RECYCLE.BIN\S-1-5-21-3189633932-2190147932-924816905-1001\$RRF0T25.ccc
SKIPPED - Unknown or invalid format: C:\$RECYCLE.BIN\S-1-5-21-3189633932-2190147932-924816905-1001\$RRUR369.ccc
SKIPPED - Unknown or invalid format: C:\$RECYCLE.BIN\S-1-5-21-3189633932-2190147932-924816905-1001\$RWC511J.ccc
SKIPPED - Unknown or invalid format: C:\$RECYCLE.BIN\S-1-5-21-3189633932-2190147932-924816905-1001\$RX03A06.ccc
SKIPPED - Header doesn't match with loaded key (Encrypted with different key): C:\$RECYCLE.BIN\S-1-5-21-3189633932-2190147932-924816905-1001\$RZFYTLH.ccc

Demonslay335 commented 8 years ago

I don't see any links to sample files. If you are replying by email to GitHub, it doesn't accept attachments I don't think. You may email me a sample to demonslay335@gmail.

Googulator commented 8 years ago

Closing dead support ticket.