A new version of TeslaCrypt has been released that now uses the .ccc extension when encrypting files. This version uses the same payment site as previous variants and demands a ransom of 2 bitcoins, or approximately $500 USD, to decrypt your files. Unfortunately, there is no way to decrypt this version for free at this time due to how the private decryption keys are generated. The ransom notes for this version are named howto_recover_file_.txt and howto_recover_file_.html. These ransom notes are created in each folder in which a file has been encrypted and on your Windows desktop.
Unfortunately, with the .ccc version there is no way to retrieve the private key for your encrypted files. As explained by our resident TeslaCrypt expert, BloodDolly:
TeslaCrypt ccc variant stores only public key of SHA256 of generated private key of bitcoin address. Private key can be shown only when it is calculated in memory as openssl BN, so it is in allocated memory so you have to dump the whole process memory space if you want to catch it and after SHA256, public key and ECDH shared secret with their hardcoded public key is calculated (this information is sent to their server) from this number, it is discarded. Files are encrypted by another randomly generated private key and this key is only available in allocated memory during the encryption process. File header and recovery_file contains only public keys and ECDH shared secrets with public key of SHA256 of bitcoin address.
So if you want to decrypt your files you need to know their private key or private key of your generated bitcoin address or SHA256 of this number or each single private key generated for your files (this can be 1 or more numbers).
As always, we will post about any new developments that may occur.
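For responders sizing up an infection, the indicators named above (the .ccc extension and the two ransom note names) are enough to inventory affected folders before taking a backup. The following is an added example, not code from BleepingComputer or BloodDolly; the sample tree is constructed, and matching extra characters between the note prefix and its extension is an assumption.

```python
import os
import tempfile
from collections import defaultdict

ENCRYPTED_EXT = ".ccc"                # extension named in the article
NOTE_PREFIX = "howto_recover_file_"   # ransom note stem named in the article
NOTE_EXTS = (".txt", ".html")

def is_ransom_note(name):
    # Case-insensitive; tolerating characters after the prefix is an assumption.
    lower = name.lower()
    return lower.startswith(NOTE_PREFIX) and lower.endswith(NOTE_EXTS)

def triage(root):
    """Return {folder: {"encrypted": [...], "notes": [...]}} for affected folders."""
    report = defaultdict(lambda: {"encrypted": [], "notes": []})
    for folder, _dirs, files in os.walk(root):
        for name in sorted(files):
            if is_ransom_note(name):
                report[folder]["notes"].append(name)
            elif name.lower().endswith(ENCRYPTED_EXT):
                report[folder]["encrypted"].append(name)
    return dict(report)

def summarize(report):
    """Total encrypted files, plus folders that hold notes but no .ccc files
    (such as the desktop copy of the note)."""
    total = sum(len(v["encrypted"]) for v in report.values())
    notes_only = sorted(f for f, v in report.items()
                        if v["notes"] and not v["encrypted"])
    return total, notes_only

def build_sample_tree(root):
    """Constructed sample layout for demonstration; not real victim data."""
    layout = {
        "Documents": ["report.docx.ccc", "budget.xlsx.ccc", "howto_recover_file_.txt"],
        "Desktop": ["howto_recover_file_.html", "howto_recover_file_.txt"],
        "Music": ["song.mp3"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder), exist_ok=True)
        for name in names:
            open(os.path.join(root, folder, name), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        total, notes_only = summarize(triage(tmp))
        print(f"{total} encrypted file(s); note-only folders: {notes_only}")
```

Run `triage()` against a read-only mount or an image of the affected drive so the inventory itself does not modify the evidence.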
Comments
vilhavekktesla - 8 years ago
This article might be updated, as it now might be possible to decrypt the data.
Take a look in this forum.
https://www.bleepingcomputer.com/forums/t/576600/tesladecoder-released-to-decrypt-exx-ezz-ecc-files-encrypted-by-teslacrypt/
Read the first few posts to get an overview, then make yourself a user name and you may post your own comments or ask for help if needed. As of 2016-01 there is an ongoing campaign handling .vvv files and other files. If a solution to your problem is not available, make a backup of your drives. (An image backup could also be done if possible.)
vilhavekktesla - 8 years ago
Hi, all, I add to the above comment and the article. Now pretty much all Tesla encrypted files may be decrypted. You may ask for help in this forum: https://www.bleepingcomputer.com/forums/t/601379/teslacrypt-vvv-ccc-etc-files-decryption-support-requests/
Several 1000 users have had help with their Tesla issues, and now even the version 3 and 4 versions can be decrypted. If you saved your data after the attack, you can now have help decrypting them. Read post one in each topic and you get an idea what you have to do. Only the program Tesladecoder 1.0 or newer should be used, to prevent any issue when decrypting your files.
Regards