TeslaCrypt (.VVV, .CCC, .EXX, .EZZ, .ECC, etc) Decryption Support Requests

Hello,

I have a version 2.2.0 .vvv file infected machine and would appreciate any help with getting the private key.

 

 

Thank You,

Personmans

Check PM

 

Hello,

I have a version 2.2.0 .vvv file infected machine and would appreciate any help with getting the private key.

 

 

Thank You,

Personmans

Check PM

 

 

I read the linked post and found the tools. I just calculated the candidate AES private key and it worked for files in one folder, but it appears that each folder may have its own key. Working on my second key now. Still great news!

 

 

Thank you BloodDolly, Googulator, Demonslay335 and Grinler! You guys do amazing work.

 

I read the linked post and found the tools. I just calculated the candidate AES private key and it worked for files in one folder, but it appears that each folder may have its own key. Working on my second key now. Still great news!

 

 

Thank you BloodDolly, Googulator, Demonslay335 and Grinler! You guys do amazing work.

 

 

Make sure you are cracking the PrivateKeyBC and not PrivateKeyFile. The PrivateKeyBC should work for all files, as the PrivateKeyFile will only decrypt files that were encrypted in the same "session" of the virus; e.g. if the computer was restarted during its process, it will generate a new one each time.

===============
= PrivateKeyBC =
================

SharedSecret1*PrivateKeyBC
hex C704B10AF9DD4908A52DBB6F35B6795B500F3B51B66B3EB5FD23D6672CD5CCCB923B5990B8001820146DB31BE4E7B2C939B5B1F53E479E5D9F0B7C2A0CAF2BB8
dec 10423435530128016135510897744014612327916230403138441209705129954391390334317543236691859844777305481862142438102642952217072560146538203164917128307354552
PrivateKeyBC =
PublicKeyBC = 04BA2C32EE6AD5E0DDAB379B0BCDEDCA264863EE276B3C85CF5CC89B05B7245E99F70ED6DB5C6D028D2C2ABEA0C55998E440FD029369917FCD0D8F14FE6D52ECF1
==================
= PrivateKeyFile =
==================
SharedSecret2*PrivateKeyFile
hex 414BF39AA510496DC9FD01C6D11715BD012385B1CBF30284E9E01CE31DE29FCB329D8DFAD9352FD339D8C4217C6A9D499175A77A8F74F8A827DD04B0234E21D3
dec 3419864931182435819660947459089245331154717645926988296555599692750477490323776868473584611424999464781165917242425692733046244738105847273203970247369171
PrivateKeyFile =
PublicKeyFile = 040DDCE51A15E5D6AC378F24A0A535572350E36A868CE94B2AFFBD5503EC52AD686934EE4F013B545FCA32461B1B063FC11A26915F875522ECF0FC406DEBA86E15

Decrypting files in folder:C:\Users\linjun.BESTSELLER\Desktop\TeslaCrack Master
Please wait...
Decryption finished. (0 files decrypted, 3 files skipped)
See log file for more information: C:\Users\linjun.BESTSELLER\Downloads\TeslaDecoder(1)\log.txt
 

Edited by linjun85, 05 January 2016 - 08:58 PM.

Hi all,

First off have to say amazing work and support by everybody here!

I also have the new variant (.vvv extensio )on one of our machines and could use a little help. I have loaded one of the encrypted files into TeslaViewer and put the appropriate information into TeslaRefactor, but it keeps telling me that the private key is not found. Either I am missing something, or not putting in the correct information. A little guidance would be appreciated.

Thanks in Advance.

Hi all,

First off have to say amazing work and support by everybody here!

I also have the new variant (.vvv extensio )on one of our machines and could use a little help. I have loaded one of the encrypted files into TeslaViewer and put the appropriate information into TeslaRefactor, but it keeps telling me that the private key is not found. Either I am missing something, or not putting in the correct information. A little guidance would be appreciated.

Thanks in Advance.

I sent you a PM.

Thanks everyone for all the work to help people like myself who fell victim to this virus!

 

Looking for help to decrypt my files that were infected and have .vvv encryption.

Can send you files on wetransfer.

 

Hoping I have enuf skills to do the rest. 

 

Appreciate the help.

Thanks everyone for all the work to help people like myself who fell victim to this virus!
 
Looking for help to decrypt my files that were infected and have .vvv encryption.
Can send you files on wetransfer.
 
Hoping I have enuf skills to do the rest. 
 
Appreciate the help.

I've sent you a PM.

Hi all,

First off have to say amazing work and support by everybody here!

I also have the new variant (.vvv extensio )on one of our machines and could use a little help. I have loaded one of the encrypted files into TeslaViewer and put the appropriate information into TeslaRefactor, but it keeps telling me that the private key is not found. Either I am missing something, or not putting in the correct information. A little guidance would be appreciated.

Thanks in Advance.

I sent you a PM.

Thanks, Grinler.

Edited by Psionics, 05 January 2016 - 09:18 PM.

Hi all!
Tell me, please, how can I use the information obtained from teslaviewer to obtain the decryption key of all files?

================
= PrivateKeyBC =
================

SharedSecret1 * PrivateKeyBC
hex 106C5258B1D2660CFEC9A5F9EE16F0CF943559A04795EA555B447F3DA21FB3D3300C71CDEF4C15E545224980066F33E96947E1283626281CF4B793B2F3490B22

PrivateKeyBC =
PublicKeyBC = 04E70CF0046BAE2DDE3F1A626F12099C3FCA8B1A23028BBA8CA56B7B5448414486DB15FCD0603CDE7FA072E3CC9FB6EBC136D06E567CD06E91FB48DDA233AC22C1

==================
= PrivateKeyFile =
==================

SharedSecret2 * PrivateKeyFile
hex 4661782B075DD6F3E319CEFF0804A2980504568A5AD418A5896FAFB87796AE857C06B83EB74ED16B2FA632EEBC01E7740A4653E71C53EC7AA271938F84524D45

PrivateKeyFile =
PublicKeyFile = 043EB2EBA2A4BE53932A2ECEFC0F38F9BF405E30D87093CAE43C48A7886DDD19FE02769BCD5B6FE32E6700C6E0F8F28D8BFC9FE0330D9D3A403F0597249176B26A
 

Hi all!
Tell me, please, how can I use the information obtained from teslaviewer to obtain the decryption key of all files?

Sent you a pm

Hi Guys,

1 of our PC infected by CryptoWall 4.0. All the files have been encrypted to random file names and extensions.

Is there any method to decrypt back the files?

Thanks

Hi Guys,

1 of our PC infected by CryptoWall 4.0. All the files have been encrypted to random file names and extensions.

Is there any method to decrypt back the files?

Thanks

 

Sorry, but CryptoWall 4.0 is not crackable. The only chance is to restore from backups, or wait for the unlikely event that the malware developer's server is seized. This topic is only for offering decryption of TeslaCrypt.

 

For any questions with CryptoWall 4.0, please check out the support topic: CryptoWall 4.0: Help_Your_Files Ransomware Support Topic

===============
= PrivateKeyBC =
================

SharedSecret1*PrivateKeyBC
hex C704B10AF9DD4908A52DBB6F35B6795B500F3B51B66B3EB5FD23D6672CD5CCCB923B5990B8001820146DB31BE4E7B2C939B5B1F53E479E5D9F0B7C2A0CAF2BB8
dec 10423435530128016135510897744014612327916230403138441209705129954391390334317543236691859844777305481862142438102642952217072560146538203164917128307354552
PrivateKeyBC =
PublicKeyBC = 04BA2C32EE6AD5E0DDAB379B0BCDEDCA264863EE276B3C85CF5CC89B05B7245E99F70ED6DB5C6D028D2C2ABEA0C55998E440FD029369917FCD0D8F14FE6D52ECF1
==================
= PrivateKeyFile =
==================
SharedSecret2*PrivateKeyFile
hex 414BF39AA510496DC9FD01C6D11715BD012385B1CBF30284E9E01CE31DE29FCB329D8DFAD9352FD339D8C4217C6A9D499175A77A8F74F8A827DD04B0234E21D3
dec 3419864931182435819660947459089245331154717645926988296555599692750477490323776868473584611424999464781165917242425692733046244738105847273203970247369171
PrivateKeyFile =
PublicKeyFile = 040DDCE51A15E5D6AC378F24A0A535572350E36A868CE94B2AFFBD5503EC52AD686934EE4F013B545FCA32461B1B063FC11A26915F875522ECF0FC406DEBA86E15

Decrypting files in folder:C:\Users\linjun.BESTSELLER\Desktop\TeslaCrack Master
Please wait...
Decryption finished. (0 files decrypted, 3 files skipped)
See log file for more information: C:\Users\linjun.BESTSELLER\Downloads\TeslaDecoder(1)\log.txt
 

 

I have sent you a PM.

Hello guys, can you help me Decrypt my files

https://drive.google.com/file/d/0ByqS9XwwNrz1UWFJZkVHaUlvVXc/view?usp=sharing

 

Thank You in Advance