Wednesday 29 April 2015

Free Tool Provides Ransomware Victims Files Back


In March this year, there ransomware which focused specifically at gamers and files from popular computer games and gaming platforms like Steam encrypted and iTunes. Initially it was thought that it was a variant of the Crypto Locker ransomware, but the ransomware was eventually named "Tesla Crypt."

Like other ransomware victims must pay a fee to recover their files. Researchers from network giant Cisco, however, have discovered a vulnerability in the applied encryption, which makes it possible for the victims to decrypt without paying their files. The ransomware pretends to use asymmetric RSA-2048 encryption to encrypt files, but actually makes use of symmetric AES encryption.

The researchers also created a decryption utility to decrypt files free of charge. For this the "master key" must still be on the system. This file, called key.dat is in the user's application data directory stores. Users must copy this file to the directory of the decryption tool, and then run the tool, after all files are automatically decrypted. Using the tool is at your own risk, warns Cisco. Users also are advised to first back up their data.

No comments:

Post a Comment