Malwarebytes releases free decryptor for Telecrypt ransomware

By: Khushaar Tanveer

The unusual ransomware TeleCrypt, known for hijacking the messaging app Telegram to communicate with its attackers rather than using simple HTTP-based protocols, is no longer a threat to users. Thanks to Malwarebytes malware analyst Nathan Scott, along with his team at the Kaspersky Lab, the strain of ransomware has been cracked just weeks after its release.

They uncovered a major flaw in the ransomware: the encryption algorithm TeleCrypt uses is weak. It encrypts files by looping through them a single byte at a time and adding a byte from the key, in order. This simple method of encryption gave security researchers a way to crack the malicious code.

What made this ransomware uncommon was its command and control (C&C) client-server communications channel: the operators chose to co-opt the Telegram protocol instead of HTTP/HTTPS, which most ransomware uses these days, even though the vector was noticeably low and the first version targeted Russian users. Reports suggest that Russian users who unintentionally downloaded infected files and installed them after falling prey to phishing attacks were shown a warning page blackmailing them into paying a ransom to retrieve their files. In this case, victims are told to pay 5,000 rubles ($77) for the so-called “Young Programmers Fund.”

The ransomware targets over a hundred different file types, including jpg, xlsx, docx, mp3, 7z, torrent and ppt.

The decryption tool from Malwarebytes allows victims to recover their files without paying. However, you need an unencrypted version of a locked file to act as a sample from which the tool generates a working decryption key. You can find one by logging in to your email accounts or file syncing services (Dropbox, Box), or in older system backups if you made any.

After the decryptor finds the encryption key, it presents the user with the option to decrypt either the full list of encrypted files or only those in one specific folder.

The process works as follows: the decrypting program verifies the files you provide. If the files match and are encrypted with the encryption scheme Telecrypt uses, you are taken to the second page of the program interface. Telecrypt keeps a list of all encrypted files at “%USERPROFILE%\Desktop\База зашифр файлов.txt”
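Why one original file is enough to recover the key, shown as an added example (not Malwarebytes' code and not TeleCrypt's actual file format): it assumes the key byte is added modulo 256 and the key is reused cyclically, and all function names and sample data are constructed for illustration.

```python
# Added illustration: known-plaintext key recovery against a repeating
# additive byte cipher. Assumes addition mod 256 and a cyclically reused key;
# this models the weakness described in the article, not TeleCrypt's real format.

def add_key(data: bytes, key: bytes) -> bytes:
    """Model of the weak scheme: add one key byte per file byte, in order."""
    return bytes((b + key[i % len(key)]) % 256 for i, b in enumerate(data))

def sub_key(data: bytes, key: bytes) -> bytes:
    """Inverse operation: subtract the key bytes to restore the plaintext."""
    return bytes((b - key[i % len(key)]) % 256 for i, b in enumerate(data))

def shortest_period(stream: bytes) -> int:
    """Smallest p such that stream[i] == stream[i % p] for every i."""
    for p in range(1, len(stream) + 1):
        if all(stream[i] == stream[i % p] for i in range(p, len(stream))):
            return p
    return len(stream)

def recover_key(plain: bytes, cipher: bytes) -> bytes:
    """Derive the key from one original file and its encrypted copy."""
    if not plain or len(plain) != len(cipher):
        raise ValueError("sample pair must be non-empty and equal in length")
    # Subtracting the known plaintext from the ciphertext leaves the key bytes.
    keystream = bytes((c - p) % 256 for p, c in zip(plain, cipher))
    period = shortest_period(keystream)
    # The key must be seen to repeat at least once; otherwise the pair is
    # either too short or the two files are not the same document.
    if period * 2 > len(keystream):
        raise ValueError("no repeating key found: wrong pair or sample too small")
    return keystream[:period]

if __name__ == "__main__":
    # Constructed sample data; the key is arbitrary and for demonstration only.
    key = bytes.fromhex("3fa9c4105be2")
    backup_copy = b"Quarterly report, recovered from an old e-mail attachment."
    locked_copy = add_key(backup_copy, key)
    found = recover_key(backup_copy, locked_copy)
    other_locked = add_key(b"holiday-photo-bytes \xff\x00\x80", key)
    print(found.hex(), sub_key(other_locked, found))
```

The period check plays the same role as the decryptor's verification step: a pair that does not yield a repeating key is rejected instead of producing a wrong key.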

You can get the Telecrypt ransomware decryptor created by Malwarebytes from this Box link.
