ESET claimed in a blog post yesterday that it contacted TeslaCrypt’s authors after spotting a message announcing they were closing their ‘project.’
“On this occasion, one of ESET’s analysts contacted the group anonymously, using the official support channel offered to the ransomware victims by the TeslaCrypt’s operators, and requested the universal master decryption key,” it explained.
“Surprisingly, they made it public.”
This gave the security vendor all it needed to produce a free decrypting tool with the ability to unlock files affected by all variants of TeslaCrypt.
The news follows Kaspersky Lab’s efforts to unlock files for victims of the CryptXXX ransomware.
In a cat-and-mouse game typical of the security industry’s battles with the black hats, the firm’s initial efforts led to the development of a new version, CryptXXX 2.0.
However, the Russian AV firm was able once again to crack the code and has produced the RannohDecryptor to tackle the latest version of this ransomware family.
Even so, the advice from most commentators is for firms to take preventative measures to mitigate the risk of being infected – after all, not many such tools exist and it’s in no way assured that even paying a ransom will lead to the victim’s files being unlocked.
Trend Micro recommends a layered protection approach involving a combination of web/email gateway, endpoint, server and network security.
The firm said it stopped a massive 99 million ransomware threats for its customers between October 2015 and April 2016 – although it admitted the actual figure for real infections globally is likely to be many times this number.
Other sound security advice includes network segmentation to prevent ransomware moving laterally inside an organization, encrypting as it goes, and user education programs so that staff know not to open suspicious emails or click on dubious-looking links.
SOURCE: Phil Muncaster