How to recover files encrypted by all Teslacrypt Ransomware variants

Experts from Cisco Talos team have improved their decryptor tool to allow the recovery of files encrypted by all the Teslacrypt Ransomware variants

In May, the criminals behind the TeslaCrypt ransomware leaked online the master encryption key that allowed security experts to develop a decryption tool for the last variant of the threat.

“In surprising end to TeslaCrypt, the developers shut down their ransomware and released the master decryption key. Over the past few weeks, an analyst for ESET had noticed that the developers of TeslaCrypt have been slowly closing their doors, while their previous distributors have been switching over to distributing the CryptXXX ransomware. ” reported Lawrence Abrams from that also published a step by step guide to use the Teslacrypt decryption Tool.

The decryptor was developed by experts from the ESET security Firm, it was able to unlock files encrypted by versions 3 and 4 of TeslaCrypt by using the above master key, released on May 19.

“Today, ESET® released a decryptor for recent variants of the TeslaCrypt ransomware. If you have been infected by one of the new variants (v3 or v4) of the notorious ransomware TeslaCrypt and the encrypted files have the extensions .xxx, .ttt, .micro, .mp3 or remained unchanged, then ESET has good news for you.” announced ESET.

I have other good news for the victims of all TeslaCrypt variants, Cisco Talos Team has updated its decryptor tool to address all four versions of TeslaCrypt ransomware in wild.

“Talos has developed a decryption tool to aid users whose files have been encrypted by TeslaCrypt ransomware. The Talos TeslaCrypt Decryption Tool is an open source command line utility for decrypting TeslaCrypt encrypted files so users’ files can be returned to their original state.” states the announcement published by Cisco Talos.

Version 1.0 is able to decrypt all the files encrypted by all version of TeslaCrypt and AlphaCrypt:

  • TeslaCrypt 0.x – Encrypts files using an AES-256 CBC algorithm
  • AlphaCrypt 0.x – Encrypts files using AES-256 and encrypts the key with EC
  • TeslaCrypt 2.x – Same as previous versions, but uses EC to create a weak Recovery key. The application is able to use factorization to recover the victim’s global private key.
  • TeslaCrypt 3 & 4 – The latest versions. Able to decrypt thanks to the C&C server EC private key which was recently released.

It’s still unclear why crooks decided to leak the TeslaCrypt ransomware masterkey, the threat is continuing to infect netizens and businesses across the world.

The experts from the FBI estimated the first quarter revenues for the TeslaCrypt ransomware at more than $200 million.

In some cases, the experts have discovered the decryption keys hidden in the source code of the threat, a circumstance that allowed them to build a decryption tool.

Last improvements for the TeslaCrypt ransomware were observed by experts at Endgame Inc in April, the authors implemented new sophisticated obfuscation and evasion techniques and were able to target new file types.

You can download Teslacrypt Tool for free from

Pierluigi Paganini

FAIR USE NOTICE: Under the "fair use" act, another author may make limited use of the original author's work without asking permission. Pursuant to 17 U.S. Code § 107, certain uses of copyrighted material "for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright." As a matter of policy, fair use is based on the belief that the public is entitled to freely use portions of copyrighted materials for purposes of commentary and criticism. The fair use privilege is perhaps the most significant limitation on a copyright owner's exclusive rights. Cyber Defense Media Group is a news reporting company, reporting cyber news, events, information and much more at no charge at our website Cyber Defense Magazine. All images and reporting are done exclusively under the Fair Use of the US copyright act.

Global InfoSec Awards 2022

We are in our 10th year, and these awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.


10th Anniversary Exclusive Top 100 CISO Conference & Innovators Showcase