Microsoft recently announced that they have updated their Malicious Software Removal Tool (MSRT) to detect and "remediate" the TeslaCrypt ransomware infection due to the increased distribution and activity detected in August. There has been quite a bit of press surrounding this announcement, and people have been getting the wrong idea that this means Microsoft can recover your files. Unfortunately, this is not true. This announcement just means that Microsoft has added further detection for this ransomware and that the MSRT will remove it. I thought they were doing that already?

Microsoft also mentions the Talos TeslaDecrypt decryption utility that was released in April as a possible method of recovering your files. Unfortunately, TeslaDecrypt only worked with the first two versions of the TeslaCrypt family and is no longer recommended due to its limited ability to recover your files. There is another program, created by a member of BleepingComputer.com, called TeslaDecoder that is able to decrypt more variants of TeslaCrypt and is the tool of choice. Even this tool, though, is not able to decrypt files encrypted by newer variants of TeslaCrypt.

I wish there was a silver bullet we could offer for this infection, but at this time a victim's choices are limited. You can either restore from backup, pay the ransom, or hopefully be able to live without the missing data.
