Ransomware is almost impossible to remove and, if I’m honest, you’re unlikely to catch a break and get your data back. However, things might have just gotten that little bit easier, at least if you find yourself under the cosh of TeslaCrypt, because ESET have just made a decryptor.
Let me be clear, this isn’t a magic bullet for any version of ransomware. The makers of TeslaCrypt recently backed out of the ransom business and actually posted the master encryption keys online before leaving Dodge for safer ground. ESET have used these keys to produce their decryptor, and the best thing is that it can be run from the command line so that you can easily script-it-up…baby.
How to run TeslaCrypt Decrypter
- Download the exe from the ESET knowledgebase page.
- Open up a command prompt window as an Administrator and run the exe with a /? parameter for the help options.
    Usage: ESETTeslaCryptDecryptor.exe [options] <filename(s) or directory name(s)>
    Options:
      /s - Silent mode.
      /f - Forced clean.
      /d - Debug mode.
      /n - Only list files for cleaning (don't clean).
      /h or /? - Show usage.
/s runs the decrypter in silent mode which makes it ideal for scripting remotely.
/f forces a clean of any files found to be encrypted without prompting.
/d runs in debug mode and gives a lot more output than normal.
/n only lists files for cleaning and doesn’t actually make any changes.
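A scripted run using the options above, as an added example that is not part of the original post or ESET's documentation: it does a /n listing pass first, keeps the output, and only runs the /s /f clean when asked. The paths, the -Clean switch and the Invoke-Decryptor helper are assumptions made for illustration, and the tool's exit code is recorded as-is because the page does not document its meaning.

```powershell
#Requires -RunAsAdministrator
# Added example: list first (/n), review, then silent forced clean (/s /f).
# All default paths below are assumed values, not taken from the original post.
param(
    [string]$Decryptor = 'C:\Tools\ESETTeslaCryptDecryptor.exe',  # assumed download location
    [string]$Target    = 'D:\Shares\Finance',                     # assumed folder to process
    [string]$LogDir    = 'C:\Logs\TeslaCrypt',                    # assumed log folder
    [switch]$Clean                                                 # hypothetical switch: omit to stop after listing
)

if (-not (Test-Path -LiteralPath $Decryptor -PathType Leaf)) { throw "Decryptor not found: $Decryptor" }
if (-not (Test-Path -LiteralPath $Target)) { throw "Target not found: $Target" }
New-Item -ItemType Directory -Path $LogDir -Force | Out-Null

$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'

# Hypothetical helper: runs the decryptor with the given options and logs its output.
function Invoke-Decryptor {
    param([string[]]$Options, [string]$LogFile)
    # The tool's output format is not documented on the page, so it is stored
    # verbatim rather than parsed.
    $lines = & $Decryptor @Options $Target 2>&1 | ForEach-Object { "$_" }
    $code  = $LASTEXITCODE
    @($lines) + "ExitCode: $code" | Set-Content -Path $LogFile
}

# Pass 1: /n only lists files for cleaning and makes no changes.
$listLog = Join-Path $LogDir "list-$stamp.log"
Invoke-Decryptor -Options '/n' -LogFile $listLog
Write-Host "Listing written to $listLog"

if (-not $Clean) {
    Write-Host 'Review the listing, then re-run with -Clean.'
    return
}

# Pass 2: /s (silent) with /f (forced clean) so nothing waits on a prompt.
$cleanLog = Join-Path $LogDir "clean-$stamp.log"
Invoke-Decryptor -Options '/s', '/f' -LogFile $cleanLog
Write-Host "Clean pass logged to $cleanLog"
```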
It’s not much right now and, like I said above, it’s only any use if you get caught by the TeslaCrypt bug, but it may be what you need. For real protection you need to have good gateway protection in place and make sure you are also utilising Windows file screening.