Indian security researchers crack encryption of TeslaCrypt ransomware – victims get files back for free

Researchers have succeeded in cracking the encryption of the TeslaCrypt ransomware, which means victims can get their files back without paying the criminals behind the malware. TeslaCrypt was first discovered last year and, like all ransomware, encrypts files on infected computers. To decrypt the files, victims have to pay a ransom.


TeslaCrypt is different from other ransomware because it mainly targets files used by computer games. The encryption of TeslaCrypt was considered to be so strong that victims would never get their files back. However, the Indian antivirus company QuickHeal was able to develop an application called TeslaCrack that is able to decrypt the files nevertheless.

The TeslaCrack application exploits a design flaw introduced by the TeslaCrypt developers, which makes it possible to find the encryption key used for encrypting the files on victims' computers. QuickHeal has posted the tool on the open-source hosting platform GitHub, together with instructions. The instructions make clear that decrypting the files with the tool isn't for the average computer user.

The company also doesn't guarantee its tool can decrypt all files and warns the process can be very time-consuming.

While posting the source code of the decryption tool is good news for victims, it may also give the malware developers a way to find out which flaw they made and fix it in a future release.