Malwarebytes releases free decryptor for Telecrypt ransomware

2 minute read

Home » News » Malwarebytes releases free decryptor for Telecrypt ransomware

The unusual ransomware TeleCrypt, known for hijacking the messaging app Telegram to communicate with attackers rather than simple HTTP-based protocols, is no longer a threat to users. Thanks to malware analyst for Malwarebytes Nathan Scott along with his team at the Kaspersky Lab, the strain of ransomware has been cracked just weeks after its release.

They were able to uncover a major flaw in the ransomware by revealing the weakness of the encryption algorithm used by the infected TeleCrypt. It encrypted files by looping through them a single byte at a time and then adding a byte from the key in order. This simple method of encryption allowed security researchers a way to crack through the malicious code.

What made this ransomware uncommon was its command and control (C&C) client-server communications channel, which is why the operators chose to co-opt the Telegram protocol instead of HTTP/HTTPS like most ransomware do these days — even though the vector was noticeably low and targeted Russian users with its first version. Reports suggest that Russian users who unintentionally downloaded infected files and installed them after falling prey to phishing attacks were shown a warning page blackmailing the user into paying a ransom to retrieve their files. In this case, victims are demanded to pay 5,000 rubles ($77) for the so-called “Young Programmers Fund.”

The ransomware targets over hundred different file types including jpg, xlsx, docx, mp3, 7z, torrent or ppt.

The decryption tool, Malwarebytes, allows victims to recover their files without paying. However, you need an unencrypted version of a locked file to act as a sample to generate a working decryption key. You can do so by logging-in to your email accounts, file syncing services (Dropbox, Box), or from older system backups if you made any.

After the decryptor finds the encryption key, it will then present the user with the option to decrypt a list of all encrypted files or from one specific folder.

The process works as such: The decrypting program verifies the files you provide. If the files match and are encrypted by the encryption scheme Telecrypt uses, you are then navigated to the second page of the program interface. Telecrypt keeps a list of all encrypted files at “%USERPROFILE%\Desktop\База зашифр файлов.txt”

You can get the Telecrypt ransomware decryptor created by Malwarebytes from this Box link.

Discussions

Next up

Gears 5 Versus Tech Test Trailer revealed and it’s purely awesome

John Taylor avatar. By: John Taylor
2 minute read

Gears 5 is the latest instalment in the Gears of War third-person shooter franchise, and is set to be released on September 10, 2019. Yesterday, […]

Continue Reading

Microsoft might timestamp screenshots by default in the future

Vlad Turiceanu By: Vlad Turiceanu
2 minute read

Screenshots are very useful when you want to remember something or if you want to share some info with someone. Windows 10 offers a couple […]

Continue Reading

VPN not working with Asus router [FIXED BY EXPERTS]

Vladimir Popescu avatar. By: Vladimir Popescu
3 minute read

Some users have reported that their VPN is not working with their Asus router. This problem seems to apply to a wide range of Asus […]

Continue Reading