Malwarebytes releases free decryptor for Telecrypt ransomware

By: Khushaar Tanveer

The unusual ransomware TeleCrypt, known for hijacking the messaging app Telegram to communicate with its operators instead of using simple HTTP-based protocols, is no longer a threat to users. Thanks to Malwarebytes malware analyst Nathan Scott, along with his team at the Kaspersky Lab, the strain has been cracked just weeks after its release.

They uncovered a major flaw in the ransomware: the weakness of the encryption algorithm TeleCrypt uses. It encrypts files by looping through them a single byte at a time and adding a byte from the key in order. This simple method of encryption gave security researchers a way to break it.

What made this ransomware uncommon was its command and control (C&C) client-server communications channel: the operators chose to co-opt the Telegram protocol instead of HTTP/HTTPS, as most ransomware does these days, even though the vector was noticeably low and its first version targeted Russian users. Reports suggest that Russian users who unintentionally downloaded and installed infected files after falling prey to phishing attacks were shown a warning page blackmailing them into paying a ransom to retrieve their files. In this case, victims are asked to pay 5,000 rubles ($77) to the so-called “Young Programmers Fund.”

The ransomware targets over a hundred different file types, including jpg, xlsx, docx, mp3, 7z, torrent and ppt.

The decryption tool from Malwarebytes allows victims to recover their files without paying. However, you need an unencrypted version of a locked file to act as a sample to generate a working decryption key. You can look for one by logging in to your email accounts or file syncing services (Dropbox, Box), or in older system backups if you made any.
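Why a single original/encrypted pair is enough follows from the byte-by-byte addition described earlier. The sketch below is an added example, not code from the Malwarebytes tool or from TeleCrypt; it assumes the addition wraps modulo 256 and that the key repeats once exhausted, and all function names and sample data are constructed for illustration.

```python
"""Known-plaintext key recovery for a repeating additive byte cipher (added example)."""

def add_key(data: bytes, key: bytes) -> bytes:
    # Model of the scheme described above: add the next key byte to each file byte.
    # Assumptions: addition wraps modulo 256 and the key repeats when exhausted.
    return bytes((b + key[i % len(key)]) & 0xFF for i, b in enumerate(data))

def sub_key(data: bytes, key: bytes) -> bytes:
    # Inverse operation: subtract the key bytes in the same order.
    return bytes((b - key[i % len(key)]) & 0xFF for i, b in enumerate(data))

def recover_key(plain: bytes, cipher: bytes) -> bytes:
    """Recover the key from one original/encrypted pair of the same file."""
    if not plain or len(plain) != len(cipher):
        raise ValueError("need a non-empty pair of equal length")
    # Each keystream byte is simply ciphertext minus plaintext.
    stream = bytes((c - p) & 0xFF for p, c in zip(plain, cipher))
    # The key is the shortest prefix that the whole keystream repeats.
    for n in range(1, len(stream) // 2 + 1):
        if all(stream[i] == stream[i - n] for i in range(n, len(stream))):
            return stream[:n]
    # No period seen at least twice: the pair does not match this scheme,
    # or the sample is too short to expose the full key.
    raise ValueError("pair is not consistent with a repeating additive key")

# Constructed sample data, not taken from any real infection.
KEY = b"constructed-key!"
SAMPLE_PLAIN = b"Constructed sample document kept in a backup before encryption.\n"
OTHER_PLAIN = b"A second constructed file with no clean copy available."

if __name__ == "__main__":
    sample_cipher = add_key(SAMPLE_PLAIN, KEY)
    key = recover_key(SAMPLE_PLAIN, sample_cipher)
    print("recovered key:", key)
    print("second file:", sub_key(add_key(OTHER_PLAIN, KEY), key))
```

The `ValueError` path covers the case where the supplied pair does not match the scheme or the sample is shorter than two key lengths, so a wrong key is never returned silently.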

After the decryptor finds the encryption key, it presents the user with the option to decrypt either the full list of encrypted files or the files in one specific folder.

The process works as follows: the decrypting program verifies the files you provide. If the files match and are encrypted with the encryption scheme Telecrypt uses, you are taken to the second page of the program interface. Telecrypt keeps a list of all encrypted files at “%USERPROFILE%\Desktop\База зашифр файлов.txt”.

You can get the Telecrypt ransomware decryptor created by Malwarebytes from this Box link.
