Ransomware is a particularly nefarious type of malware that hijacks computers and forces victims to pay a ransom in order to access their files. One of the reasons it is so successful is because ransomware developers use strong encryption that is virtually unbreakable without a decryption key. As a result, individuals and businesses without a backup must either pay the ransom or risk losing their documents forever. This tactic has proven to be very effective based on reports by the FBI estimating that cyber criminals have extorted over $209 million in the first three months of 2016 alone. Recently, ransomware made headlines when it shut down hospitals in Los Angeles, Kentucky and Washington, D.C.
In a surprise turn of events, at least one ransomware developer has had a change of heart. For several weeks, a security researcher at ESET noticed that the developers of the TeslaCrypt ransomware were slowly shutting down their operations. The researcher reached out and asked if they were willing to release the master decryption key, which they did. A note posted to the former TeslaCrypt payment site now reads:
“Project closed! Master key for decrypt: 440A241DD80FCC5664E861989DB716E08CE627D8D40C7EA360AE855C727A49EE. Wait for other people make universal decrypt software. We are sorry!”
With the release of the master decryption key, victims can now download a tool from ESET to decrypt files encrypted by TeslaCrypt without paying the ransom.
While this is certainly a happy ending for those infected with the TeslaCrypt, ransomware remains a persistent threat, and organizations should take steps to safeguard against ransomware of all types. At a minimum, this development highlights the importance of preserving files encrypted by ransomware, even if you choose not to pay the ransom or are unable to decrypt the files.
TeslaDecoder from ESET http://support.eset.com/kb6051/?viewlocale=en_US