The authors of the TeslaCrypt ransomware have publicly released the master decryption key that unlocks files encrypted by the malware, in an effort to close up shop for good.
Researchers had noticed that the distribution of TeslaCrypt was being phased out in favour of the CryptXXX ransomware, despite the likely differences between the two. Lawrence Abrams, a researcher from ESET, asked for the master decryption key on a TeslaCrypt support site after noticing the gradual decline.
Surprisingly, the cyber-criminals behind TeslaCrypt offered a free master key on the website for all to use, which quickly led to a universal decryption tool with no demands for payment. The decryptor unlocks files encrypted by TeslaCrypt 3.0 and 4.0, including files with .xxx, .ttt, .micro and .mp3 extensions.
“TeslaCrypt showed a great deal of experienced coding and knowledge about cryptography. CryptXXX, on the other hand, have had both of their versions decrypted already,” said Abrams, explaining how CryptXXX has been inferior to TeslaCrypt.
In the past, TeslaCrypt was used in major malvertising attacks against visitors to high-profile sites. However, as white hats discover vulnerabilities, decryption tools are released from time to time. TeslaCrypt has gradually given way to CryptXXX as the payload of choice for infected computers.
The fact that the creators of TeslaCrypt released their master key freely is unheard of in the world of ransomware, as it removes the possibility of receiving any more payments from victims and renders the malware useless.
“We must stress that ransomware remains one of the most dangerous computer threats at this moment, and prevention is essential to keep users safe. Therefore, they should keep operating systems and software updated, use reliable security solutions with multiple layers of protection, and regularly back up all important and valuable data at an offline location,” We Live Security stated in a blog post.
“We also advise all users to be very careful when clicking on links or files in their email or browsers. This is particularly true when messages are received from unknown sources or otherwise look suspicious.”
According to a Microsoft blog, large-scale ransomware incidents are most prevalent in the US, Italy, Canada and the UK.
As part of the ransomware awareness campaigns, Ransomware Info Day was held by the Swiss government and other industry players on 19 May.