As we’ve previously mentioned, the creators of TeslaCrypt, the constantly evolving trojan-cryptor, have suddenly decided to stop its distribution and release a master key. A master key is a key that can be used to decrypt any file encrypted by latest versions of TeslaCrypt.
Malware analysts at Kaspersky Lab used this master key to update our RakhniDecryptor tool, which is designed for decrypting files damaged by several types of ransomware, to version 188.8.131.52. This update has added support for TeslaCrypt v3 and v4.
Prior to the update, RakhniDecryptor helped users impacted with TeslaCrypt v1 and v2. The publication of the master key gave us the chance to add support for TeslaCrypt v3 and v4 (both are detected by our products and other Kaspersky anti-virus products as Trojan-Ransom.Win32.Bitman).
So, if you have fallen victim to some ransomware and your encrypted files have one of the following extensions:
.xxx, .ttt, .micro, .mp3 or their original extension
We suggest that you try our utility which may help you get your files back.
— Kaspersky Lab (@kaspersky) May 19, 2016
To decrypt your files, follow this simple steps:
1. Download RakhniDecryptor from our site and install it on your PC;
2. Run RakhniDecryptor.exe;
3. Click the Change parameters button;
4. Select objects that you want to scan. Most likely it would be only your hard drive, but if you had removable drives installed or open network shares connected — you’d better tick these as well.
5. You can select Delete crypted files after decryption to clean up your hard drive from encrypted files, but we recommend that you don’t. It’s better to get 100% sure that the files were really decrypted before deleting the originals. After that click Ok
6. Hit the Start Scan button.
7. In the Specify the path to one of encrypted files, select one of the files you need to restore and click Open.
8. Wait until the RakhniDecryptor recovers your files. Please note that this process may take a significant amount of time.
We hope that our utility can help you get your files back. In order not to fall victim to some other ransomware we recommend you to use proactive protection, such as Kaspersky Internet Security that can stop ransomware before it has even started encrypting your files.