How to decrypt TeslaCrypt ransomware using ESET TeslaCrypt decrypter

How to decrypt TeslaCrypt ransomware using ESET TeslaCrypt decrypter

Ransomware is almost impossible to remove and, if I’m honest, you’re unlikely to catch a break and get your data back. However things might have just gotten that little bit easier, that is if you find yourself under the cosh of TeslaCrypt because ESET have just made a decryptor.

Let me be clear, this isn’t a magic bullet for any version of ransomware. The makers of TeslaCrypt recently backed out of the ransom business and actually posted the master encryption keys online before leaving Dodge for safer ground. ESET have used these keys produce their decryptor and the best thing is that it can be run from the command line so that you easily script-it-up…baby.

How to run TeslaCrypt Decrypter

  1. Download the exe from the ESET knowledgebase page.
  2. Open up a command prompt window as an Administrator and run the exe with a /? parameter for the help options.
    /s runs the decrypter in silent mode which makes it ideal for scripting remotely.
    /f forces a clean of any files found to be encrypted without prompting.
    /d runs as debug mode and gives a lot more output than normal.
    /n only list files for cleaning and doesn’t actually make any changes.

It’s not much right now and, like I said above, it’s only any use if you get caught by the TeslaCrypt bug, but it may be what you need. For real protection you need to have good gateway protection in place and make sure you are also utilising Windows file screening.

 

Author

Oliver Marshall

Oliver works as a Director at Oakson who provide absolutely awesome IT support in Brighton, UK. Out of hours he’s a runner with a limp, has a board game addiction and a owns a dog that looks like a badger.

Show Buttons
Hide Buttons

Before you go...

or
Subscribe to my newsletter

If you enjoyed this article then why not let me know.