Googulator / TeslaCrack

Decryptor for the TeslaCrypt malware
GNU General Public License v3.0

Help decrypting file (RSA 4096) : original file extensions #38

Closed ghost closed 8 years ago

ghost commented 8 years ago

Hi,

I have my friend's computer, which has his files encrypted by the RSA 4096 virus (it's written in the files named RECOVER, or something like that (images)).

I want to decrypt those files, but I'm stuck at the first steps, where I have to get the AES key: when I type "python teslacrack.py -v myfilename.jpg", I get no key, just multiple lines with ": 0" at the end, like "encrypt : 0", etc.

You should know that his files keep their extensions: pictures are still .jpg/png, documents are still .odt/doc...

What can I do?

Thanks.

EDIT: Yes, when I type the command for teslacrack.py, the file is recognized. I tried typing something that doesn't exist, and then the console says "file not found", but not for the file I'm trying to analyze.

Demonslay335 commented 8 years ago

If the extensions were not changed, it's TeslaCrypt 4.0+. It is not susceptible to the same attack. There is no solution at this time; you can only restore from backups or pay the ransom.

Demonslay335 commented 8 years ago

@veritable Just wanted to make sure you got the news that all versions of TeslaCrypt are now decryptable. :)

http://www.bleepingcomputer.com/news/security/teslacrypt-shuts-down-and-releases-master-decryption-key/