• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

This forum thread needs a solution.
Kudos2 Stats

How to decrypt teslacrypt .vvv files?

all my document files has been renamed to *.vvv files and it's encrypted ,Have any one idea to recover my files ??
 

Replies

Kudos0

Re: How to decrypt teslacrypt .vvv files?

See Kaspersky tools.
Kudos0

Re: How to decrypt teslacrypt .vvv files?

Negative ^^

http://www.bleepingcomputer.com/virus-removal/teslacrypt-alphacrypt-rans...

Read this.

I strongly recommend making a copy of your hard drive and trying to mess with the copy; this will avoid any damage to the original, IF a fix were to come out at a later time. Best bet is a file recovery tool. telsacrypt delets shadow copies, no you cant even recover using those...

It does however make a copy of your file, encrypt the copy, then deletes the original. that being said, a file recovery software will be your best bet.

Keep in mind that anything you hook up to your computer i.e. flashdrive, external drive, teslacrypt is going to try and encrypt it... if you do plan onpaying the ransom due to lack of options, any attempts to try and decrypt the files will void your "Recovery Key" on the server...

Best of luck to you on this. its possible to get allot of information back, but its tedious.. Youre not guaranteed everything, much less only part of the recovered file, but itll be something..

Kudos1 Stats

Re: How to decrypt teslacrypt .vvv files?

Good advice to make a copy of your drive and work on that.  Bear in mind that the more you use the drive (with the encrypted files on it) the harder it is to recover your files.
That being said, you should be looking at

1) Remove the teslacrypt malware first so that you can work on the system without further encryption.

2) Use a different device to search for a program to scan you drive to recover lost data.  If you search for Recover Lost Data software, there are plenty out there to choose from.  Rule of thumb is to research each one and "you get what you pay for".

3) Remember the more that you use the drive that had your good files on it, the more that data will be writting over the space where your un-encrypted data was.

Good luck and let us know if you need anything.

Win10 x64; Proud graduate of GeeksToGo
Kudos0

Re: How to decrypt teslacrypt .vvv files?

Kudos0

Re: How to decrypt teslacrypt .vvv files?

Thank you. and agreed* the more you use your pc, the harder itll be to recover it...

So far, what ive done to try and recover is like youve said; use a malware removal program (In my case Malwarebytes) to avoid further encryption. ive seen the exe hide in %AppData% . Once i removed, I boot into safe mode and use a file recovery software (in my case, DiskDigger) to try and recover anything i can. Ive been able to recover .xlsx and .docx, but for whatever reason i have trouble with PDF's (maybe its just me....)

If anyone has any other methods to add please let me/us know!!

Kudos5 Stats

Re: How to decrypt teslacrypt .vvv files?

Decryption tool: https:// github . com / googulator / teslacrack It implements a cryptographic attack on TeslaCrypt, and can typically recover a key and decrypt your files in a few hours (may take up to a week in some rare unlucky cases). PoC quality only, a lot of things need to be done by hand.

Kudos0

Re: How to decrypt teslacrypt .vvv files?

Amged Samir:  all my document files has been renamed to *.vvv files and it's encrypted ,Have any one idea to recover my files ??

Time to visit one of the free Malware Removal Forums recommended by the Community
http://www.bleepingcomputer.com/Am-I-infected-What-do-I-do/
http://forums.whatthetech.com/MalwareRemovalForum 
http://www.geekstogo.com/Security/MalwareRemoval
http://www.cybertechhelp.com/MalwareRemovalForum
Trained experts at free Malware Removal Forums do their best to clean / repair your system. Resist self fixes and using your computer as normal until your system is declared clean.  Register n' start a Thread at one Malware Removal Forum.  Maybe they can help/maybe not.  Why fool with DIY in your hands.  When expert hands may help.  M2C

Kudos0

Re: How to decrypt teslacrypt .vvv files?

Kudos0

Re: How to decrypt teslacrypt .vvv files?

i have tried to do but i find this message

"./sample.vvv doesn't appear to be TeslaCrypted"

Kudos2 Stats

Re: How to decrypt teslacrypt .vvv files?

Check if your sample.vvv file is really encrypted (should be unreadable by normal programs, and have "DE AD BE EF" as the first 4 bytes in a hex editor). TeslaCrypt has a bug where it will sometimes fail to write the encrypted data to disk, leaving the original unencrypted file in place, only renamed to .vvv If that is the case, try a different sample file.
Kudos0

Re: How to decrypt teslacrypt .vvv files?

I try decrypt .vvv with TeslaCrack-master from github. But I dont understand procedure.

Can somebody explain with detail steps. Also how can install msieve and how use that (win7 64bit).

Thanks in advance

Kudos0

Re: How to decrypt teslacrypt .vvv files?

Googulator, Whether it works or not, I appreciate your contribution. Thank you for your expertise and taking the time to share it with the community. I would like to support your work. Can I buy you a cup of coffee or make a donation somewhere?

Kudos0

Re: How to decrypt teslacrypt .vvv files?

It`s work.

Thanks to Googulator.

I also want to buy him a beer for share this useful topic.

Thanks once more.

Kudos0

Re: How to decrypt teslacrypt .vvv files?

I am one of the persons that has to thank you Googulator for your project on Github.
It was the only solution I found online for this encryption and it worked !!
The only thing is that I am a young software engineer and I was able to download all the dependences required
and I somehow managed to follow all your instructions, BUT for a normal user it should be quite hard to reach the result.
I still think you should work for an antivirus company or a data security one.. if you are not already in one of them.
Thanks again!

P.S. the time required for the overall operation is much less than 2 hours with my PC.. it is around 10 minutes of computation to find the public and private keys... I'm using an intel i5 and a samsung SSD.

Kudos0

Re: How to decrypt teslacrypt .vvv files?

Hi Mortyr.

I have the same problem, I don´t understand the procedure.

Can you help me with it please?

Thanks.

Kudos0

Re: How to decrypt teslacrypt .vvv files?

Instal Microsoft Visual C++ Compiler for Python 2.7
https://www.microsoft.com/en-us/download/confirmation.aspx?id=44266

Put everything in same folder exampel: c:\Python27

Right mouse while hold "shift" on that folder an run CMD window.
Then type: cd Scripts press Enter and run easy_install pycrypto

Than run: teslacrack.py
You get your AES public key.

Download Msieve from:
http://sourceforge.net/projects/msieve/

Rename .exe file to msieve.exe.
Open a command window (right click folder where you extracted the exe while holding Shift key, and "Open command window here"),
then run "msieve -v -e 0x". After 0x wright your public key without space and press enter.
You will get primes factor. (It can takes few days).

Kudos0

Re: How to decrypt teslacrypt .vvv files?

I rum msieve and get the following result

p1 factor: 1
p3 factor: 2
prp93 factor: 3

1 ,2,3  are not the real numbers

After it i press in cmd

python unfactor.py diplomatiki.pdf 1 2 3

I get the following result :

Traceback (most recent call last):
  File "unfactor.py", line 28, in <module>
    main(sys.argv[1:])
  File "unfactor.py", line 13, in main
    with open(args[0], "rb") as f:
IOError: [Errno 2] No such file or directory: 'diplomatiki.pdf'

I try putting the full path and i get the same error.

What is the problem? Is something i do not understand?

Kudos2 Stats

Re: How to decrypt teslacrypt .vvv files?

You're missing the ".vvv" extension.

python unfactor.py diplomatiki.pdf.vvv 1 2 3

BTW, no need to fiddle around with the Visual C++ compilers. See new instructions on TeslaCrack's GitHub page .

Kudos0

Re: How to decrypt teslacrypt .vvv files?

When I run teslacrack.py, I get the follow message:

C:\Python27>teslacrack.py
Traceback (most recent call last):
  File "C:\Python27\teslacrack.py", line 17, in
    from Crypto.Cipher import AES
ImportError: No module named Crypto.Cipher

Do You know why?

Kudos1 Stats

Re: How to decrypt teslacrypt .vvv files?

Pycrypto is not installed.
Kudos0

Re: How to decrypt teslacrypt .vvv files?

Thanks to everyone.  I am trying to decrypt the files too, but I am not sure I am doing it right.  Let me post what I have.

If I am doing it right, could someone please let me know?  I am posting commands and other info from my screen, which may help others too.

-----------------------------------------------------------------------

Cannot decrypt ./[myfilename].pdf.vvv, unknown key

Software has encountered the following unknown AES keys, please crack them first using msieve:

[#1 ASCII about 128 characters long] found in ./[myfilename].pdf.vvv

Alternatively, you can crack the following Bitcoin key(s) using msieve, and use
them with TeslaDecoder:

[#2 ASCII about 128 characters long]

found in ./[myfilename].pdf.vvv

-----------------------------------------------------------------------

I try to decrypt [#1 ASCII about 128 characters long] by doing the following

C:\Python27>msieve-x64-svn946.exe -v -e 0x[#1 ASCII about 128 characters long]

Msieve v. 1.52 (SVN unknown)
random seeds: 8e3b8908 e342d349
factoring [some really long number] (154 digits)
no P-1/P+1/ECM available, skipping
commencing quadratic sieve (127-digit input)
using multiplier of 1
using VC8 32kb sieve core
sieve interval: 106 blocks of size 32768
processing polynomials in batches of 2
using a sieve bound of 16547821 (532000 primes)
using large prime bound of 2482173150 (31 bits)
using double large prime bound of 81413742854820150 (48-57 bits)
using trial factoring cutoff of 57 bits
polynomial 'A' values have 15 factors

sieving in progress (press Ctrl-C to pause)
62 relations (62 full + 0 combined from 4757 partial), need 532096

[some more stuff here]

-------------------------------------------------------------------------

It is still running after several days on my i7-4790 computer.  Is this normal?  Am I doing everything correctly?

Hope the screen text pasted above helps some people (assuming I am doing it correctly, which I need confirmation too).

Also, it is not clear to me what I can do with the bitcoin key (i.e. [#2 ASCII about 128 characters long] in this post).

Thank you.

Kudos1 Stats

Re: How to decrypt teslacrypt .vvv files?

Your version of msieve is missing ECM support (it shouldn't be saying "no ECM available"). Without that, it's going to take extremely long to factor your key. Try a different build, or switch to YAFU.
Kudos0

Re: How to decrypt teslacrypt .vvv files?

Thank you, Googulator.  I am now running it with a version with ECM support.  Let's see how long it takes then.  Cheers.  I am cautiously optimistic now that you have pointed out the issue with how I ran it.

Kudos0

Re: How to decrypt teslacrypt .vvv files?

That was fast.  It took only 9 minutes to get the primes this time.

However

- when I use unfactor.py, it does not output anything.

- when I use unfactor-ecdsa.py, it says, "Found Bitcoin private key" but does not say anything about AES key.

I am not sure what to do next.  Thank you.

Kudos1 Stats

Re: How to decrypt teslacrypt .vvv files?

You factored the 2nd number from teslacrack.py, not the first one. The 2nd number gives you the Bitcoin key, while the 1st one is the AES key. Don't worry - you can use TeslaDecoder to decrypt your files using the Bitcoin key. If that doesn't work for some reason, factor the other number to get the AES key.
Kudos0

Re: How to decrypt teslacrypt .vvv files?

Thanks Googulator, I installed the Pycrypto and run the msieve, i got the factors but when I´m trying to run unfactor.py it´s do anything:

C:\Python27>python unfactor.py Scan0001.pdf.vvv 19 2113645043 520890728785911271
34461 243643568937527294727112235175732892793860698723616416138579733

C:\Python27>

What I´m missing?

Kudos0

Re: How to decrypt teslacrypt .vvv files?

You are right, Googulator.  I unintentionally used the second key instead.  I have restarted it with the first key again to get the AES.  Will report back when there is more progress.

Kudos1 Stats

Re: How to decrypt teslacrypt .vvv files?

@Pochano: Did you factor the Bitcoin key, ir the AES key? If it was the Bitcoin key, use unfactor-ecdsa.py to reconstruct it (requires ecdsa Python module), then use TeslaDecoder for decryption. Otherwise, check that you haven't mistyped or left out any factors, and that your magic number matches the encrypted file type. (I will add a check for wrong factors to a later version, it's rather easy to detect.)
Kudos0

Re: How to decrypt teslacrypt .vvv files?

Still running the decryption of the AES key.

In the meantime, I have looked high and low for "how to" use the bitcoin private key from unfactor-ecdsa.py but I can't seem to figure out how to use it with TeslaDecoder.

Could some kind soul please help us out on how to use the bitcoin private key once it is available?  It just looks like a Base64 key and TeslaDecoder does not recognize it (when I load it as key.dat where key.dat contains only the string of that bitcoin private key).

Thank you again.

Kudos1 Stats

Re: How to decrypt teslacrypt .vvv files?

Read TeslaDecoder's README. You need to use the "Decode request" option, with a crafted request in the format described therein.
Kudos0

Re: How to decrypt teslacrypt .vvv files?

@Googulator I did factor the AES key the report was:

C:\Python27>msieve -v -e 0x3D158B5B0B32956CFF0DFD1B64ABA989A4FF516ADF7E8AD3B1736
FCDBE9194B8E2CA622B9A20E2C9

Msieve v. 1.52 (SVN 958)
Mon Dec 28 12:31:27 2015
random seeds: e38944e0 837d47ae
factoring 5096678470192898767609917125255283524997203727801022870746784584423770
51488213756368074901086921 (96 digits)
searching for 15-digit factors
P-1 stage 2 factor found
searching for 20-digit factors
searching for 25-digit factors
200 of 214 curves
completed 214 ECM curves
commencing quadratic sieve (86-digit input)
using multiplier of 73
using generic 32kb sieve core
sieve interval: 12 blocks of size 32768
processing polynomials in batches of 17
using a sieve bound of 1442351 (54893 primes)
using large prime bound of 115388080 (26 bits)
using double large prime bound of 325004720053840 (41-49 bits)
using trial factoring cutoff of 49 bits
polynomial 'A' values have 11 factors

sieving in progress (press Ctrl-C to pause)
55069 relations (16780 full + 38289 combined from 559771 partial), need 54989
55069 relations (16780 full + 38289 combined from 559771 partial), need 54989
sieving complete, commencing postprocessing
begin with 576551 relations
reduce to 126371 relations in 10 passes
attempting to read 126371 relations
recovered 126371 relations
recovered 106134 polynomials
attempting to build 55069 cycles
found 55069 cycles in 5 passes
distribution of cycle lengths:
   length 1 : 16780
   length 2 : 11494
   length 3 : 9797
   length 4 : 6902
   length 5 : 4412
   length 6 : 2650
   length 7 : 1479
   length 9+: 1555
largest cycle: 17 relations
matrix is 54893 x 55069 (12.3 MB) with weight 3008853 (54.64/col)
sparse part has weight 3008853 (54.64/col)
filtering completed in 4 passes
matrix is 49207 x 49271 (11.2 MB) with weight 2728722 (55.38/col)
sparse part has weight 2728722 (55.38/col)
saving the first 48 matrix rows for later
matrix includes 64 packed rows
matrix is 49159 x 49271 (7.4 MB) with weight 2163213 (43.90/col)
sparse part has weight 1653609 (33.56/col)
using block size 8192 and superblock size 196608 for processor cache size 2048 k
B
commencing Lanczos iteration
memory use: 4.9 MB
lanczos halted after 779 iterations (dim = 49153)
recovered 14 nontrivial dependencies
p2 factor: 19
p10 factor: 2113645043
prp23 factor: 52089072878591127134461
prp63 factor: 243643568937527294727112235175732892793860698723616416138579733
elapsed time 00:35:38

I think that my factors number are correct.

Kudos1 Stats

Re: How to decrypt teslacrypt .vvv files?

That's way too short to be the full AES key, only 96 digits after conversion to decimal. Should be 150 to 155 digits. Maybe you accidentally truncated the key as you pasted it into msieve?
Kudos0

Re: How to decrypt teslacrypt .vvv files?

Hey Googulator, your instructions on https://github.com/Googulator/TeslaCrack should note prepending 0x to the AES key for the msieve command.

Kudos0

Re: How to decrypt teslacrypt .vvv files?

Hi

Thank you every one for Helping on This.

I am not a developer or IT engineer but yes I was able to do something.I am stuck at one Place so need your little help.

Firstly I was able to run teslacrack.py and their I got below result

C:\Python27>teslacrack.py
Cannot decrypt ./ioclemdreturn.doc.vvv, unknown key
Cannot decrypt ./tender.xlsx.vvv, unknown key
Cannot decrypt ./Thermography GailTrainingNoida1.2.pdf.vvv, unknown key
Software has encountered the following unknown AES keys, please crack them first
 using msieve:
09AEE819B804422EC9347461B75246DF1728CAE587C7EA68612470D2F47972E20AB5839D1979CDDD
A0A4F6C7A497BA1DA27E2A98F0EE132460972210B7737D65 found in ./ioclemdreturn.doc.vv
v
Alternatively, you can crack the following Bitcoin key(s) using msieve, and use
them with TeslaDecoder:
17CC91065F747BFA299F0C13B876C712E449BD340A157C024D3346078BFB0E6C30D0564E74EDA4F9
CFDACD56D281656E49A092B41C7E054242B965471879F0DF found in ./ioclemdreturn.doc.vv
v

Then I used above Key

msieve -v -e 0x09AEE819B804422EC9347461B75246DF1728CAE587C7EA68612470D2F47972E20AB5839D1979CDDDA0A4F6C7A497BA1DA27E2A98F0EE132460972210B7737D65

After this I got Following

Msieve v. 1.52 (SVN 958)
Tue Dec 29 13:25:45 2015
random seeds: 06202efc 51fcfd6f
factoring 5071518575754887190517966591284037365378552323432352711221117651462647
95055231333386902018837614035908331442209442768491884989716852985365680297992224
101 (153 digits)
searching for 15-digit factors
searching for 20-digit factors
ECM stage 1 factor found
searching for 25-digit factors
ECM stage 1 factor found
200 of 214 curves
completed 214 ECM curves
searching for 30-digit factors
ECM stage 1 factor found
commencing quadratic sieve (77-digit input)
using multiplier of 3
using generic 32kb sieve core
sieve interval: 12 blocks of size 32768
processing polynomials in batches of 17
using a sieve bound of 924097 (36408 primes)
using large prime bound of 92409700 (26 bits)
using trial factoring cutoff of 26 bits
polynomial 'A' values have 10 factors

sieving in progress (press Ctrl-C to pause)
36617 relations (18551 full + 18066 combined from 194220 partial), need 36504
36617 relations (18551 full + 18066 combined from 194220 partial), need 36504
sieving complete, commencing postprocessing
begin with 212771 relations
reduce to 52421 relations in 2 passes
attempting to read 52421 relations
recovered 52421 relations
recovered 43307 polynomials
attempting to build 36617 cycles
found 36617 cycles in 1 passes
distribution of cycle lengths:
   length 1 : 18551
   length 2 : 18066
largest cycle: 2 relations
matrix is 36408 x 36617 (4.7 MB) with weight 1097207 (29.96/col)
sparse part has weight 1097207 (29.96/col)
filtering completed in 3 passes
matrix is 26357 x 26421 (3.7 MB) with weight 877046 (33.20/col)
sparse part has weight 877046 (33.20/col)
saving the first 48 matrix rows for later
matrix includes 64 packed rows
matrix is 26309 x 26421 (2.4 MB) with weight 648878 (24.56/col)
sparse part has weight 458997 (17.37/col)
commencing Lanczos iteration
memory use: 2.4 MB
lanczos halted after 417 iterations (dim = 26308)
recovered 17 nontrivial dependencies
p4 factor: 3767
p4 factor: 5897
p7 factor: 4518233
prp15 factor: 385110366963941
prp20 factor: 26700739065478954339
prp28 factor: 7376072552394384154905544679
prp32 factor: 40206388166963182658427847079039
prp46 factor: 1656967216641886286209800858096667886702558837
elapsed time 00:27:16

I hope above 8 factor are key and I tried below following 
unfactor.py ioclemdreturn.doc.vvv 3767 5897 385110366963941 26700739065478954339 7376072552394384154905544679 40206388166963182658427847079039 1656967216641886286209800858096667886702558837

But after this i am unable to get anything.The command does not takes anything.

Can anyone help me in this.Thanks

Kudos0

Re: How to decrypt teslacrypt .vvv files?

I tried to change the magic number but it dint worked well.

Should I used pdf file?

Also i would like to know whether different key would be generated for each file?

Kudos0

Re: How to decrypt teslacrypt .vvv files?

Hi All,

I am also unfortunately stuck with this one, have followed the instructions as closely as possible and have read as much as I can but seem to be coming up short.

I think something msieve is throwing out is wrong as it seems quite short to others and when I try to unfactor I get a blank result

any ideas?

C:\Python27> msieve148 -v -e 0x77991C95E10B9B15965100A22F3852E262B868514AB74B0C0
A2C91279D9107EE9F30C0401DD7079C


Msieve v. 1.48
Tue Dec 29 13:20:36 2015
random seeds: f5ad64b0 699983b0
factoring 9978905271502367503958333994197793150817567866635208242488099943477978
13884309931909715928221596 (96 digits)
p1 factor: 2
p1 factor: 2
p1 factor: 3
p2 factor: 17
p2 factor: 59
p2 factor: 71
p3 factor: 409
prp88 factor: 285508514331609654202513331769038338535868222857490416661905760371
8676877652194225746249
elapsed time 00:00:00

I would really appreciate anyone's help on this as I have been at it for hours!

Kudos0

Re: How to decrypt teslacrypt .vvv files?

Huge thanks to Googulator! Our office was in the process of migrating our data from a local server to a cloud server when we discovered that over half the files on our local server were .vvv encrypted yesterday. Investigating options right now to shut them out and found your fantasic Github tutorial. I do low level IT work as a tertiary function at my work and I was able to figure it out; so much thanks for making it as detailed as you did. I'm running msieve right now and it's chewing through the 35 digit factors slowly but surely. Has only found one factor so far but hopefully it will find some in the higher digit factors. I'll buy you a beer if it works.

Only comment I have is I downloaded msieve v 1.52 which downloaded as msieve152.exe; so I had to rename msieve152.exe to msieve.exe to match your instructions.

Kudos1 Stats

Re: How to decrypt teslacrypt .vvv files?

@kanishk khanna: Use unfactor-ecdsa.py, or change "%PDF" in unfactor.py to "\xd0\xcf\x11\xe0". @doof1412: Your key looks truncated, should be 76 to 80 hex chars long (or 150-155 digits after decimalisation).
Kudos0

Re: How to decrypt teslacrypt .vvv files?

Msieve gave me the following for the bitcoin key:

Found Bitcoin private key: 2CE9BBDC26800F67F5AB011BFEF0C8F381F1E2D5A9F1E19024DA53A0F3E676E5

I'm not clear on how to edit the teslacrack.py script to incorporate the public and private key into the known_keys array. Anyone able to help me out with adding them to the array? Specifically I'm not sure about the syntax needed.

Kudos1 Stats

Re: How to decrypt teslacrypt .vvv files?

Bitcoin private key => use TeslaDecoder to decrypt.
Kudos0

Re: How to decrypt teslacrypt .vvv files?

Thanks Googulator, missed that note on your instructions. Any links to a tutorial on how to enter the key into TeslaDecoder? I'm getting only info on how to run TeslaDecoder from a .dat file.

Kudos1 Stats

Re: How to decrypt teslacrypt .vvv files?

It's in the TeslaDecoder README. You have to use the DecodeRequest function.
Kudos0

Re: How to decrypt teslacrypt .vvv files?

Was just writing a reply saying I found the info in the readme, so I think I got it. But I need to find the bitcoin address; how do I go about doing that?

Kudos2 Stats

Re: How to decrypt teslacrypt .vvv files?

Any bitcoin address will do, use the one in the README, the one in the recovery file, or your own address.
Kudos0

Re: How to decrypt teslacrypt .vvv files?

Got it! Googulator you are the best!

Kudos0

Re: How to decrypt teslacrypt .vvv files?

hi everyone

after many houres i get this

Software has encountered the following unknown AES keys, please crack them first using msieve:
73A3E806DA8FBFF36D14657E7AA27B77051F8A1C2B6EEC95D9EC7B302BBD73F3B3A042513146129DE73F985D3C78E65D17B8CBCC3C6C9C940FDD4CE356A43524 found in ./Jezyk-angielski.pdf.vvv
Alternatively, you can crack the following Bitcoin key(s) using msieve, and use them with TeslaDecoder:
3387A29109DE52F3F90F8D9C953EC785BBAF456DF27E4FE6276C2D4F8A01451FADB6AA6127E615CC042D182896C90DDC46864167228AABDD86AF4B77EC2CE10D found in ./Jezyk-angielski.pdf.vvv
 

then i make this

msieve -v -e 0x73A3E806DA8FBFF36D14657E7AA27B77051F8A1C2B6EEC95D9EC7B302BBD73F3B3A042513146129DE73F985D3C78E65D17B8CBCC3C6C9C940FDD4CE356A43524

now msieve is working hard about one day

now is sieving in progress

do i make everything good ????

how long it takes ????

thanks

Kudos0

Re: How to decrypt teslacrypt .vvv files?

I have to run all the process in the infected machine ?

Kudos1 Stats

Re: How to decrypt teslacrypt .vvv files?

@pochano: No. In fact, it's recommended to do everything on a clear machine. You shouldn't even try to disinfect the victim - back it up, format, reinstall, then restore the decoded files, to be sure no latent infection remains (although TeslaCrypt is not known to have latent persistence capabilities, its dropper might.) @hcn: Looks about right. Did msieve do a successful ECM stage, or did it print "no ECM available"? If the latter, try YAFU or a different build of msieve.
Kudos1 Stats

Re: How to decrypt teslacrypt .vvv files?

hcn, I ran msieve -v -e on my AES key for 6+ hours and didn't find a solution. I also ran another msieve -v -e process at the same time on my bitcoin key. The bitcoin key found a solution after about 40 minutes and ended up allowing me access to our files. Try that, otherwise you might have to keep msieve running for a long time.

Kudos0

Re: How to decrypt teslacrypt .vvv files?

i run on infected mashine afrer mawerbytes scan

ecm stage ok hi found keys

now i run on cear i think machine

Replies are locked for this thread.