
Teslacrypt releases master key

Solaris17

Creator Solaris Utility DVD
Joined
Aug 16, 2005
Messages
19,487 (4.20/day)
Likes
6,423
Location
Florida
System Name Venslar
Processor I9 7980XE
Motherboard MSI x299 Tomahawk Arctic
Cooling EKWB L360 R2.0
Memory 32GB Corsair DDR4 3000mhz
Video Card(s) Gigabyte 1080TI
Storage 2x HGST 3TB (RAID0) | 1x ADATA 128SSD (Cache) | 1x Drevo 256SSD | 1x 1TB 850 EVO | 1x 250GB 960 EVO
Display(s) 3x AOC Q2577PWQ (2k IPS)
Case Inwin 303 White (Thermaltake Ring 120mm Purple accent)
Audio Device(s) Realtek ALC 1220 on Audio-Technica ATH-AG1
Power Supply Seasonic 1050W Snow
Mouse Roccat Tyon White
Keyboard Ducky Shine 6 Snow White
Software Windows 10 x64 Pro
#1

Frick

Fishfaced Nincompoop
Joined
Feb 27, 2006
Messages
14,921 (3.36/day)
Likes
5,439
System Name A dancer in your disco of fire
Processor i3 4130 3.4Ghz
Motherboard MSI B85M-E45
Cooling Cooler Master Hyper 212 Evo
Memory 4 x 4GB Crucial Ballistix Sport 1400Mhz
Video Card(s) Asus GTX 760 DCU2OC 2GB
Storage Crucial BX100 120GB | WD Blue 1TB x 2
Display(s) BenQ GL2450HT
Case AeroCool DS Cube White
Power Supply Cooler Master G550M
Mouse Intellimouse Explorer 3.0
Keyboard Dell SK-3205
Software Windows 10 Pro
#2
That sure is interesting and nice, but as noted they're moving to other encryptions anyway. Don't know how big TeslaCrypt was though.

Edit: Google says CryptXXX sucks and can be decrypted. Goooooood, because cryptoware is something I genuinely fear. Not that my browser/security habits are bad, but still.
 

Solaris17

#3
> That sure is interesting and nice, but as noted they're moving to other encryptions anyway. Don't know how big TeslaCrypt was though.
>
> Edit: Google says CryptXXX sucks and can be decrypted. Goooooood, because cryptoware is something I genuinely fear. Not that my browser/security habits are bad, but still.

Tesla was one of the bigger ones. I fear it as well. It is very prevalent and we deal with clients all the time that get hit. Though you are also correct in that there are obviously others. The magnitude is a bit bigger than you might think. The article is just now mentioning other variants being explored. But the ecosystem for this kind of infection is already pretty vast. Take a look.

https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml#

They even have variations that are fileless and attack via WMI remotely.
 
Joined
Dec 6, 2005
Messages
10,317 (2.28/day)
Likes
4,190
Location
Manchester, NH
System Name Working on it ;)
Processor I7-4790K (Stock speeds right now)
Motherboard MSI Z97 U3 Plus
Cooling Be Quiet Pure Rock Air
Memory 16GB 4x4 G.Skill CAS9 2133 Sniper
Video Card(s) GIGABYTE Vega 64 (Non Reference)
Storage Samsung EVO 500GB / 8 Different WDs / QNAP TS-253 8GB NAS with 2x2Tb WD Black
Display(s) 34" LG 34CB88-P 21:9 Curved UltraWide QHD (3440*1440)
Case Rosewill Challenger
Audio Device(s) Onboard + HD HDMI
Power Supply Corsair HX750 (love it)
Mouse Logitech G5
Keyboard Corsair Strafe RGB & G610 Orion Red
Software Win 10 upgraded from Win 7 Pro
#4
Wow truth is stranger than fiction!
 

Solaris17

#6
> My questions are does MBAR work, and should I install it?
> http://www.bleepingcomputer.com/download/malwarebytes-anti-ransomware/
>
> Seems like the only real/100% working solution to any of it is to make frequent backups on an external drive/storage system.

That's a tough question. MBAR and MBAM do pick up some of the variants, but they really are pumping them out. Definitely cases of being missed. The biggest issue we and users are facing is that the bread and butter of the crypto malware is that they have the ability and are programmed to search connected drives and UNC paths, so they also hit network shares. Unfortunately, having something on a separate drive isn't 100% safe anymore. Unless, of course, you disconnect it after you back up.