1 Reply Latest reply on Nov 23, 2015 5:42 AM by Peter M

    Teslacrypt Virus has encrypted my files and added the .ccc extension to them, Teslacrypt ransomware

    miloudaki

      On Nov 12th my PC was invaded by the Teslacrypt virus and as a result all my photos and documents are now encrypted and the .ccc extension has been added to them.

      There was no master key included in any application or Windows folder (I searched the entire PC); however, I did find some suspicious registry keys which, as it turned out, also contained the bitcoin address (you can find those below in hex format for your reference).

      I have tried several decryption programs but nothing has worked so far. Unfortunately, I did not have a backup of those files, so it is impossible for me to recover them some other way.

       

      Is there anyone who could help me with this? Has anyone managed to decrypt the files after this new version of the Teslacrypt virus has appeared?

       

      Thank you in advance for your support!

       

      Bitcoin address: 1LEbRF44xR7HvEx9PAFQwkWFYiGVZAQ8Xe

       

       

      Key Name: HKEY_CURRENT_USER\Software\26B9F8022E296F (same value was also found for key HKEY_USERS\S-1-5-21-3329602511-4222242022-1132340100-1001\Software\26B9F8022E296F)

      Class Name: <NO CLASS>

      Last Write Time: 12/11/2015 - 5:10 πμ

      Value 0

      Name: data

      Type: REG_BINARY

      Data:
