How to decrypt or restore encrypted files

TeslaCrypt is a ransomware variant of the notorious CryptoLocker family that targets game files and personal data.

Let’s decrypt the files!

Note: Before decrypting the files, please back up the encrypted files.

STEP 1: Download the Talos TeslaCrypt decryption tool.

Windows binary:

http://labs.snort.org/files/TeslaDecrypt_exe.zip

Python script:

https://labs.snort.org/files/TeslaDecrypt_python.zip

Source code to Windows binary:

https://labs.snort.org/files/TeslaDecrypt_cpp.zip

STEP 3: Extract the zip file.

STEP 4: Open Explorer and type %appdata%. Find the “key.dat” file in the application data directory, then copy the “key.dat” file into the tool’s directory.

STEP 5: Open the Talos TeslaCrypt decryption tool.

STEP 6: Enter the encrypted file or a directory containing encrypted files and then hit the Enter key.

The tool will decrypt the specified files and restore the original content.

Here is a list of useful command line options:

/help – Show the help message.

/key – Manually specify the master key for the decryption (32 bytes/64 digits).

/keyfile – Specify the path of the “key.dat” file used to recover the master key.

/file – Decrypt an encrypted file.

/dir – Decrypt all the “.ecc” files in the target directory and its subdirectories.

/scanEntirePc – Decrypt “.ecc” files on the entire computer.

/KeepOriginal – Keep the original (encrypted) file(s) when decrypting.

/deleteTeslaCrypt – Automatically kill and delete the TeslaCrypt dropper (if found active in the target system).
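As an added example (not part of the original post or the Talos tool), a small Python helper that performs the backup the note above recommends, checks that a manually supplied master key has the /key format (32 bytes as 64 hex digits), and assembles the command line from the options listed; the executable name TeslaDecrypt.exe and the constructed sample files are assumptions.

```python
import re
import shutil
import tempfile
from pathlib import Path

ENCRYPTED_EXT = ".ecc"  # extension TeslaCrypt gives encrypted files
MASTER_KEY_RE = re.compile(r"^[0-9a-fA-F]{64}$")  # /key: 32 bytes = 64 hex digits


def backup_encrypted_files(src_dir, backup_dir):
    """Copy every .ecc file under src_dir into backup_dir, keeping the layout."""
    src_dir, backup_dir = Path(src_dir), Path(backup_dir)
    copied = []
    for path in src_dir.rglob("*" + ENCRYPTED_EXT):
        target = backup_dir / path.relative_to(src_dir)
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(path, target)
        copied.append(target.relative_to(backup_dir).as_posix())
    return sorted(copied)


def is_valid_master_key(key):
    """True when key is the master key written as 64 hexadecimal digits."""
    return bool(MASTER_KEY_RE.fullmatch(key))


def build_command(target_dir, keyfile=None, master_key=None, tool="TeslaDecrypt.exe"):
    """Assemble the invocation from the options in the post (tool name is assumed)."""
    if (keyfile is None) == (master_key is None):
        raise ValueError("supply either a key.dat path or a master key")
    if master_key is not None and not is_valid_master_key(master_key):
        raise ValueError("master key must be 64 hexadecimal digits")
    cmd = [tool]
    if keyfile is not None:
        if not Path(keyfile).is_file():
            raise FileNotFoundError(f"key.dat not found: {keyfile}")
        cmd += ["/keyfile", str(keyfile)]
    else:
        cmd += ["/key", master_key]
    cmd.append("/KeepOriginal")  # keep the encrypted originals until verified
    return cmd + ["/dir", str(target_dir)]


def demo():
    """Constructed victim tree in a temp dir: back it up, return (copies, command)."""
    root = Path(tempfile.mkdtemp())
    for rel in ("save.dat.ecc", "docs/letter.docx.ecc", "docs/notes.txt"):
        (root / "victim" / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / "victim" / rel).write_bytes(b"constructed ciphertext")
    (root / "key.dat").write_bytes(b"constructed key.dat placeholder")
    copied = backup_encrypted_files(root / "victim", root / "backup")
    return copied, build_command(root / "victim", keyfile=root / "key.dat")
```

Run the real tool only after demo()-style backup has copied every .ecc file; unencrypted files such as notes.txt are skipped.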

At the time of writing this article, the decryption utility is a test tool that is still in development. So, if the tool is not working for you, please let us know in the comment section below.

We will update this guide as soon as Cisco releases an update.

If you find this article worthy, share this to your friends and followers.
