Googulator / TeslaCrack

Decryptor for the TeslaCrypt malware
GNU General Public License v3.0

Can decrypt files changed to .mp3? #32

Closed ahsaad123 closed 8 years ago

ahsaad123 commented 8 years ago

Hi. I have a PC that got infected yesterday where all files changed to .mp3 (mostly docx files originally) and of course it came with a message all over the PC that your files are decrypted and asking for ransom. Do you think your tool can decrypt the files? Or is that a new variant like .xxx?

Demonslay335 commented 8 years ago

It is TeslaCrypt 3.0, there is no solution for it.

New TeslaCrypt variant now uses the .MP3 Extension

ahsaad123 commented 8 years ago

Sad to learn that. But thank you for the note.

ScrimForever commented 8 years ago

Do you think this new .mp3 extension is possible to break?

Demonslay335 commented 8 years ago

Hard telling at this point. Can only hope. The previous versions were thought to be unbreakable for months, and then were broken, so there's always hope. It certainly is not possible to simply brute-force or break the encryption itself; feel free to research how long it takes to break properly-implemented AES256, talking several hundred years even if we were to use Google's full server might.

ScrimForever commented 8 years ago

Yes... I don't know, but has someone tried to dump RAM and network to find the public key sent by the program?

Demonslay335 commented 8 years ago

There is a program by a company that is able to get one of the keys from the malware's memory as it runs; the program has to be installed BEFORE the infection though, and is useless after the encryption has finished. The network request is of no use, as it is just an encrypted version of what is already embedded in the header of every encrypted file essentially. We are able to decode the network request, but it just has another layer of AES256 encryption and SHA256 hashing. Can't break that either.

ScrimForever commented 8 years ago

Sure... thanks... I hope someone finds a solution to this!

ScrimForever commented 8 years ago

Hi guys... does anyone have information about decrypting .mp3 files?

learnerskp commented 8 years ago

I am also facing the encrypted .mp3 file extension attack. Could somebody advise me and help decrypt? Please check my attached files for analysis.

Encrypted .mp3 extension file link: https://www.sendspace.com/file/3s7yf1

Malware file link: https://www.sendspace.com/file/kg72f0

Demonslay335 commented 8 years ago

There is still no solution for TeslaCrypt 3.0 at this time. No-one can decrypt any files with the extensions .xxx, .ttt, .micro, or .mp3.

learnerskp commented 8 years ago

Dear Michael Gillespie and Googulator Team,

Special thanks for your prompt response. If there is any related information or solution, please help and advise me.

On Fri, Mar 4, 2016 at 11:15 AM, Michael Gillespie <notifications@github.com> wrote:

> There is still no solution for TeslaCrypt 3.0 at this time. No-one can decrypt any files with the extensions .xxx, .ttt, .micro, or .mp3.


B.Regards, System vulnerability Research & Network Forensics

Vinaya-hub commented 8 years ago

Windows user, can anyone try this one and see how it works? http://pcthreatskiller.com/teslacrypt-4-0-mp3-extension-virus-removal-steps/

Demonslay335 commented 8 years ago

@ahsaad123 @ScrimForever @learnerskp

Just wanted to make sure you got the news that all versions of TeslaCrypt are now decryptable. :)

http://www.bleepingcomputer.com/news/security/teslacrypt-shuts-down-and-releases-master-decryption-key/