Malwarebytes releases free decryptor for Telecrypt ransomware

By: Khushaar Tanveer

The unusual ransomware TeleCrypt, known for hijacking the messaging app Telegram to communicate with attackers rather than using simple HTTP-based protocols, is no longer a threat to users. Thanks to Nathan Scott, a malware analyst for Malwarebytes, along with his team at the Kaspersky Lab, the strain of ransomware has been cracked just weeks after its release.

They uncovered a major flaw in the ransomware: the encryption algorithm TeleCrypt uses is weak. It encrypts files by looping through them a single byte at a time and adding a byte from the key, in order. This simple method of encryption gave security researchers a way to break it.

What made this ransomware uncommon was its command and control (C&C) client-server communications channel: the operators chose to co-opt the Telegram protocol instead of HTTP/HTTPS, which most ransomware uses these days, even though the vector was noticeably low and the first version targeted Russian users. Reports suggest that Russian users who unintentionally downloaded and installed infected files after falling prey to phishing attacks were shown a warning page blackmailing them into paying a ransom to retrieve their files. In this case, victims are told to pay 5,000 rubles ($77) to the so-called “Young Programmers Fund.”

The ransomware targets over a hundred different file types, including jpg, xlsx, docx, mp3, 7z, torrent and ppt.

The decryption tool from Malwarebytes allows victims to recover their files without paying. However, you need an unencrypted version of a locked file to act as a sample for generating a working decryption key. You can look for one in your email accounts, in file syncing services (Dropbox, Box), or in older system backups if you made any.
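Why an original copy of one locked file is enough follows from the byte-by-byte key addition described above. The sketch below is an added example, not the Malwarebytes tool or code from the ransomware; it assumes a simplified model (addition modulo 256 with a repeating key, no file header), and all names and sample data in it are constructed.

```python
"""Known-plaintext key recovery for a byte-wise additive cipher (simplified model)."""

def encrypt(data: bytes, key: bytes) -> bytes:
    # Assumed model of the flawed scheme: add key bytes in order, mod 256, repeating.
    # Used here only to build the constructed sample pair.
    return bytes((b + key[i % len(key)]) % 256 for i, b in enumerate(data))

def decrypt(data: bytes, key: bytes) -> bytes:
    # Inverse operation: subtract the same key bytes in the same order.
    return bytes((b - key[i % len(key)]) % 256 for i, b in enumerate(data))

def shortest_period(stream: bytes) -> int:
    # Smallest k such that the stream repeats every k bytes.
    for k in range(1, len(stream) + 1):
        if all(stream[i] == stream[i - k] for i in range(k, len(stream))):
            return k
    return len(stream)

def recover_key(plain: bytes, cipher: bytes) -> bytes:
    # cipher[i] - plain[i] (mod 256) exposes the key byte used at position i.
    if not plain or len(plain) != len(cipher):
        raise ValueError("need a non-empty original and encrypted copy of equal size")
    stream = bytes((c - p) % 256 for p, c in zip(plain, cipher))
    k = shortest_period(stream)
    if 2 * k > len(stream):
        # The key never visibly repeats, so its length cannot be confirmed.
        raise ValueError("sample too short: key does not repeat inside it")
    return stream[:k]

if __name__ == "__main__":
    secret = b"constructed-key!"  # constructed key, unknown to the "victim"
    original = b"Quarterly report, constructed sample text for the demo."
    locked = encrypt(original, secret)

    key = recover_key(original, locked)  # needs only the matching pair
    other_locked = encrypt(b"A different file locked with the same key.", secret)
    print(key, decrypt(other_locked, key))
```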

After the decryptor finds the encryption key, it presents the user with the option to decrypt either the full list of encrypted files or only the files in one specific folder.

The process works as follows: the decrypting program verifies the files you provide. If the files match and are encrypted by the encryption scheme Telecrypt uses, you are taken to the second page of the program interface. Telecrypt keeps a list of all encrypted files at “%USERPROFILE%\Desktop\База зашифр файлов.txt”.

You can get the Telecrypt ransomware decryptor created by Malwarebytes from this Box link.
