Microsoft recently announced that they have updated their malicious software removal tool to detect and "remediate" the TeslaCrypt ransomware infection due to the increased distribution and activity detected in August. There has been quite a bit of press surrounding this announcement, and people have been getting the wrong idea that this means Microsoft can recover your files. Unfortunately, this is not true. This announcement just means that Microsoft has added further detection for this ransomware and will remove it with the Microsoft Malicious Software Removal Tool (MSRT). I thought they were doing that already?

Microsoft also mentions the Talos TeslaDecrypt decryption utility that was released in April as a possible method of recovering your files. Unfortunately, TeslaDecrypt only worked with the first two versions of the TeslaCrypt family and is no longer recommended due to its limited ability to recover your files. There is another program, created by a member of BleepingComputer.com and called TeslaDecoder, that is able to decrypt more variants of TeslaCrypt and is the tool of choice. Even this tool, though, is not able to decrypt files encrypted by newer variants of TeslaCrypt.

I wish there was a silver bullet we could offer for this infection, but at this time a victim's choices are limited. You can either restore from backup, pay the ransom, or hopefully be able to live without the missing data.
