TeslaCrypt Ransomware Maker Shuts Down, Releases Master Key (techcrunch.com)

← Back to Stories (view on slashdot.org)

TeslaCrypt Ransomware Maker Shuts Down, Releases Master Key (techcrunch.com)

Posted by BeauHD on Thursday May 19, 2016 @10:25AM from the out-of-business dept.

An anonymous reader writes: The TeslaCrypt ransomware makers have officially closed down shop and apologized for all the damage they have caused in the past. TeslaCrypt upset a lot of gamers as it would locate and encrypt video games on your Windows PC. With the recent decision to shut down, anti-ransomware researchers have been able to create a fool-proof decryption app called TeslaDecoder (Link is a direct download). Now, many of the hard drives rendered useless by the malware are available to use, and almost every file can be accessed using the unlock system. "TeslaCrypt's website was on the Tor network and now consists of a master key and an apology," writes TechCrunch.

49 comments

Min score:

Reason:

Sort:

In other newd by liqu1d · 2016-05-19 10:29 · Score: 4, Funny

TeslaCrypt got hacked.
1. Re:In other newd by Z00L00K · 2016-05-19 16:38 · Score: 1
  
  Or they got an "offer you can't refuse".
  
  --
  If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
Re: In other news by liqu1d · 2016-05-19 10:30 · Score: 1

Balls news*
Yeah, I believe that by dacullen · 2016-05-19 10:31 · Score: 2

Now that their toy is broken, they're not going to play with it anymore. They Promise, they feel bad. More likely they're just tooling up a new one and will go back to their evil ways.
1. Re:Yeah, I believe that by Anonymous Coward · 2016-05-19 13:22 · Score: 0
  
  Or they realized that they've made more than enough money to live on for a good, long while and are shutting down their operation in order to reduce the effort that law enforcement is willing to dedicate to tracking them down. Either way, they're not at all sorry and this is a farce.
Some faith in humanity restored? by kheldan · 2016-05-19 10:32 · Score: 4, Interesting

Wait, what? Criminals with a conscience? Of course, someone will come along in short order and say

..but they didn't turn themselves in, and they didn't return their ill-gotten gains, so they're still scumbags
Sure. But how often do you get any sort of an apology like this? With all the ugly shit going on all over the world, isn't it a little refreshing that someone actually says they're sorry and makes at least some token amends for their actions? Small consolation or not.

--
Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
1. Re:Some faith in humanity restored? by mark-t · 2016-05-19 10:58 · Score: 1
  
  A sincere apology would be accompanied with an offer to make restitution to those who were harmed, or else pay the appropriate penalties for past wrongdoing.
  Any so-called apology without at least one of these things is nothing of the sort.
  Otherwise it comes across as they are only sorry that they won't continue doing it.
  
  --
  File under 'M' for 'Manic ranting'
2. Re:Some faith in humanity restored? by Anonymous Coward · 2016-05-19 12:35 · Score: 1
  
  I guess I'll rob a bank tomorrow and apologize, keeping the money of course. I'm sure everyone will applaud me as a hero.
3. Re:Some faith in humanity restored? by basecastula+ · 2016-05-19 15:27 · Score: 1
  
  Insurance will cover the stolen money my friend.
4. Re:Some faith in humanity restored? by Anonymous Coward · 2016-05-19 16:25 · Score: 0
  
  Sure. But how often do you get any sort of an apology like this?
  Oh, its not too uncommon actually. In the old Soviet days a criminal would often be "offered" the chance to apologize to the court before the sentence was read and they were shipped off to Siberia, never to return. Apologies, like confessions, can be and are coerced.
  
  With all the ugly shit going on all over the world, isn't it a little refreshing that someone actually says they're sorry and makes at least some token amends for their actions?
  Try this on. They got caught and their real identities were fingered by the CIA or the FSB or some other foreign intelligence agency. They were apprehended and then told that unless they "apologized", gave away the keys and shut down for good, that they and possibly their families would disappear. So they cooperated and received a lesser punishment in the official system with the possibility of eventual release and a second chance. The power of the state, especially when wielded against the helpless individual, is an awesome and terrible thing to behold. The methods differ from state to state, but in the end the state gets what it wants and makes examples of those who defy it.
5. Re:Some faith in humanity restored? by Mashiki · 2016-05-19 17:35 · Score: 1
  
  Wait, what? Criminals with a conscience?
  
  There are a lot of criminals out there with a conscience, many also have moral boundaries they won't cross. A murder might be a murderer and enjoy it, but they won't target people under a certain age for example. It's also one of the reasons why in most countries that child molesters and rapists are put into segregation wings. The other criminals in there are more likely to kill them for what they've done. Not only for the prestige of doing it, but because even the other criminals find their actions repugnant that they believe that there are lines you shouldn't cross.
  An example of a grandfather here in Canada who was convicted of 1st degree(premeditation). He killed his son in law. Said son in law raped and molested his own daughter, the grandfather plead guilty. When he got to prison, the other prisoners found out what he did and treated him with respect beyond approach for it.
  
  --
  Om, nomnomnom...
6. Re:Some faith in humanity restored? by Anonymous Coward · 2016-05-19 18:56 · Score: 0
  
  "Sure. But how often do you get any sort of an apology like this? With all the ugly shit going on all over the world, isn't it a little refreshing that someone actually says they're sorry and makes at least some token amends for their actions? Small consolation or not."
  What? A few words and you're suppose to forgive the people that willingly, knowingly, tried to fuck over other people in pursuit of lining their pockets with easy cash?
  Fuck that. I'd chalk up this apology to something that they'd hope will weaken any court case and following judgement against them. That's it. Someone who puts on the appearance of turning over a new leaf is more likely to get off easier than someone who had to be dragged into the courtroom kicking and screaming.
  Personally I'd have trouble trusting them enough to take something they made themselves and using it to undo the damage they've done - least what they're giving you is doing something more insidious in the background.
  (And in case you think I'm just saying this because I was hit by this shit - I wasn't. I just don't forgive assholes as easily as some like to.)
7. Re:Some faith in humanity restored? by someone1234 · 2016-05-19 21:21 · Score: 1
  
  And insurance money is just created from thin air, right?
  
  --
  Patents Drive Free Software as Hurricanes Drive Construction Industry
8. Re:Some faith in humanity restored? by Anonymous Coward · 2016-05-19 21:43 · Score: 0
  
  unless we know the motivation behind the apology it means diddly squat, especially as they aren't returning money. Maybe someone is threatening to dob them in? maybe they are concerned they left fingerprints and are hoping an apology calls off the sniffer dogs that are getting too close for their comfort.
9. Re:Some faith in humanity restored? by Anonymous Coward · 2016-05-19 23:37 · Score: 0
  
  Releasing the key doesn't count as an attempt at resitution?
10. Re:Some faith in humanity restored? by BitZtream · 2016-05-20 00:35 · Score: 1, Interesting
  
  Yes.
  Though, admittedly, its actually the bank that creates money out of thin air.
  Learn and understand fractional reserve banking, the crash of 2008, and why it happened, then you'll not make such ignorant statements.
  Yes, banks literally create money out of thin air, and its one of the driving factors of inflation. Thanks Fractional Reserve banking and fiat currency! The rich get richer and the poor get poorer!
  
  --
  Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
11. Re:Some faith in humanity restored? by mark-t · 2016-05-20 01:11 · Score: 1
  
  Only for people who haven't been already harmed by either losing their data entirely or else having paid them the ransom to recover it.
  
  --
  File under 'M' for 'Manic ranting'
12. Re:Some faith in humanity restored? by Anonymous Coward · 2016-05-20 03:18 · Score: 0
  
  Ah look! It's the autism-hating troll!
Vigilante Justice by johnsmithperson123 · 2016-05-19 10:34 · Score: 4, Insightful

Probably something like this: Hello. I am a Gray Hat Hacker. Pay me $5000 and write a program that unlocks all your ransomware, and I might forget to turn you in.
how are people getting infected? by Anonymous Coward · 2016-05-19 10:40 · Score: 0

So I totally believe this category of thing is a big problem in the world, but I don't understand what people are doing to get infected so often. I've been using personal computers since the CP/M days of the 1970s, and so far in all of those years I've never had any form of malware or ransomware. Software doesn't "just randomly appear" from random media bit-flips! You have to take some explicit step to obtain and run it.
The wikipedia page about this particular one did not shed any light on the subject. Just "Upon infecting a computer..." OK! How is it "infecting a computer?" Are the game companies packaging it with the games? Is it via pirated games? How?
1. Re:how are people getting infected? by Opportunist · 2016-05-19 10:46 · Score: 4, Insightful
  
  The currently most popular way is you getting a mail entitled "invoice" or "last warning" from some party that you might have actually ordered something from (Amazon, EBay, Paypal...), with a file invoice.pdf.exe attached.
  And since Windows STILL in its unending wisdom does NOT show file extensions in the default setting for some godforsaken reason, and since you can freely choose what icons you want your executable file to display... you get the idea, I'm sure.
  
  --
  We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
2. Re:how are people getting infected? by NotInHere · 2016-05-19 10:49 · Score: 2
  
  Different sources, and the teslacrypt makers don't really have to care: The malware world has become a real economy with specialisation, and everyone provides different services. One can do really good email phising attacks, the other one has hacked a service and sells off the databases. Some sell access to hacked computers, and others write and sell ransomware.
  So the vector which gets the malware onto the computers is as different as the customers of the ransomware: it may come to you via an email attachment that is a microsoft word macro, or it may use some adobe flash zero day on some infected website. Doesn't have to be a zero day, if your computer isn't up to date, it might be an old CVE as well! And yeah it may ship with pirated games too.
3. Re:how are people getting infected? by Anonymous Coward · 2016-05-19 10:57 · Score: 0
  
  Same AC here. Thank you.
  I agree, hiding extensions by default causes confusion.
4. Re:how are people getting infected? by bmo · 2016-05-19 11:21 · Score: 1
  
  Have you heard of drive-by infection through ad networks? It's not a new thing. It's at least 9 years old, as a concept, by my direct knowledge (when Investor Village got hit with it).
  Yes, software just /does/ randomly appear on the web. Various people have railed against the use of executable code (Javascript, Action Script (flash), etc) on the web (korean web pages are awash in VBS), to no avail.
  I came from the same background as you. There is even malware that runs just fine in wine on linux.
  You can be cruising right along, going to "respectable" web pages, and be hit with malware from an untrustworthy ad network. Which is why I block ad networks right at the hosts file.
  --
  BMO
5. Re:how are people getting infected? by JustAnotherOldGuy · 2016-05-19 11:25 · Score: 2
  
  And since Windows STILL in its unending wisdom does NOT show file extensions in the default setting for some godforsaken reason
  The hiding of extensions still stands as one of the WORST, most misguided things they ever did. And there is no reason for it, none, zero, zip, nada.
  
  --
  Just cruising through this digital world at 33 1/3 rpm...
6. Re:how are people getting infected? by Anonymous Coward · 2016-05-19 11:49 · Score: 1
  
  Similar to how they mark shortcuts with a special icon, OSes should start doing the same for executable files. This would help prevent the attack where the icon resource for the executable is the Adobe Reader icon or the "zip folder" icon.
7. Re:how are people getting infected? by Anonymous Coward · 2016-05-19 11:53 · Score: 2, Insightful
  
  Then again, using any part of the file name to denote MIME type is brain dead. Microsoft's problem is they only hid extensions instead of fixing the OS to handle files properly.
8. Re: how are people getting infected? by Anonymous Coward · 2016-05-19 11:57 · Score: 0
  
  It's targeting gamers so, piracy is a possibility. Then the old "get this VoIP app so we can chat in game" with a link to infected app that works fine but is infected(and probably leaks your IP.)
  Another way, release working hacks(+backdoor) for a popular game works too.
  Actually now that I think of it YouTube was plagued with game cheat links in comments the past few months, and then it just stopped. Maybe that was it.
9. Re:how are people getting infected? by sexconker · 2016-05-19 12:00 · Score: 4, Funny
  
  At the hosts file? How do you block malware at the hosts file? Is there someone on Slashdot who could tell me more about hosts files?
10. Re:how are people getting infected? by CronoCloud · 2016-05-19 12:28 · Score: 1
  
  Must resist posting:
  You're a COW! You APK Host File Engine using COWS MOO! YOU COWS!
  I think it would go something like that.
11. Re:how are people getting infected? by Anonymous Coward · 2016-05-19 13:48 · Score: 0
  
  zip
  Except you can't see `zip`, since it's a file extension.
  (Yes, I know that's not how it works).
12. Re:how are people getting infected? by bmo · 2016-05-19 14:42 · Score: 1
  
  How do you block malware at the hosts file?
  By sending the ad networks to 0.0.0.0.
  https://github.com/StevenBlack...
  That's the one I use.
  --
  BMO
13. Re: how are people getting infected? by firewrought · 2016-05-19 15:34 · Score: 1
  
  Mime types are hidden too, at least from the user perspective. File extensions are the most usable way of conveying file type. Of course, they aren't really usable for security purposes, because of it isn't an EXE, it's a BAT or PS1. And even if you know all your "executable" file types, nothing's to say that PDF or JPG is safe. What really boggles me though is how hiding file extensions is the default on their freaking server OS'es. I mean, treating the general public with kid gloves I understand, but treating your sys admins like imbecile is dangerous.
  
  --
  -1, Too Many Layers Of Abstraction
14. Re: how are people getting infected? by Opportunist · 2016-05-19 19:43 · Score: 1
  
  Please explain how hiding the extension is treating someone with kid gloves? Does it really confuse Joe Randomuser so terribly that his game's name is now game.exe? He had to learn a lot of things to use that computer. This is a mouse, to open something double click with the left button... no, the OTHER left, idiot...
  You think it would really be asking too much from Joe to remember "and hey, that .exe means that this is the program. Your letters are .doc and the thing with the many little cells is .xls". I bet Joe would immediately catch on and realize that the first part is the name and what comes after the dot is "for the computer". And that he better not change it if he wants his stuff to work.
  Not that the OS would make changing that part easy anymore anyway, which is GOOD. But why the fuck hide it when changing it is a chore and a half now anyway?
  
  --
  We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
15. Re:how are people getting infected? by linuxgurugamer · 2016-05-19 23:35 · Score: 1
  
  Thunderbird (which I use) shows the extensions
16. Re:how are people getting infected? by Anonymous Coward · 2016-05-20 02:09 · Score: 0
  
  The disabling of this is literally the first thing I do when setting up a fresh install and get to the ability to do so.
17. Re:how are people getting infected? by mattack2 · 2016-05-20 07:41 · Score: 1
  
  No reason? The reason is that because that's an implementation detail. There should be other ways for the user to determine what is and what isn't an executable. The filename is supposed to be the user's domain.
18. Re:how are people getting infected? by JustAnotherOldGuy · 2016-05-20 12:15 · Score: 1
  
  There should be other ways for the user to determine what is and what isn't an executable. The filename is supposed to be the user's domain.
  Yeah, there should be but in Windows there isn't- at least not any safe or easy way. The file extension was a simple, useful way to let users know what a file was, regardless of its icon (which is easily faked or spoofed).
  This is how you get users to run shit like PictureOfMyCutePuppy.js or GirlWithBigBoobs.gif.exe, because Windows shows these files as "PictureOfMyCutePuppy" and "GirlWithBigBoobs.gif".
  Hiding the file extension was idiocy at the highest level.
  
  --
  Just cruising through this digital world at 33 1/3 rpm...
19. Re:how are people getting infected? by mattack2 · 2016-05-20 12:40 · Score: 1
  
  Yes, I understand that..
  OS X uses extensions (even though pre-OS X relied on file types and creators) too.. But they're hidden by default, and the OS warns you when trying to change extensions, make double-extensions etc.. (but the extension isn't used for executable-ness, because of the underlying UNIX permissions for that).
  I still maintain that Windows was probably _trying_ to do something similar, in hiding the "geeky" stuff, but for some reason didn't add the safety net/extra UI to prevent these confusing/security problems.
Why do I have the feeling it's not altruism? by Opportunist · 2016-05-19 10:44 · Score: 4, Interesting

It smells more like someone came to their door and said "Dude. Listen. This is our biz. We do the ransomware racket on this planet. We encrypt people's stuff and they pay us. You will now close shop and if we notice that any bitcoin that was supposed to go to us goes to you, well, your kidneys are worth a pretty bitcoin too".

--
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
1. Re:Why do I have the feeling it's not altruism? by Shompol · 2016-05-19 10:55 · Score: 1
  
  The most believable version so far. Something tells me this could have gone more like an acquisition: they came, poached the "engineers" and fed "management" to the dogs. Some left over assets, like kidneys, have been auctioned off.
2. Re:Why do I have the feeling it's not altruism? by shione · 2016-05-19 15:07 · Score: 4, Funny
  
  The lead developer's mom found out what he was doing and had a stern talking to him.
ESET decrypter by Anonymous Coward · 2016-05-19 10:55 · Score: 0

Funny how an ESET researcher discovered this, but Bleeping Computer took all the credit. Here's the link to the ESET decrypter: http://support.eset.com/kb6051... Also, don't feature security news from TechCrunch. The article is wildly incomplete and just scratching the surface of what really happened. Choose ZDNet, SecurityWeek, or another infosec site.
Apology by theendlessnow · 2016-05-19 11:14 · Score: 1

To whoever it may concern:
We hunted down and killed your children. We did it slowly and painfully unless you paid our rasom of course.
Reflecting on this a bit, we decided that maybe it wan't that nice of us to do that. So we're making it all up to everyone with a big "I'm sorry."
Glad we got everythiing straightened out. And again, sorry about your kids (can't you see how sorry we are?).
This was a painful note for us to write. However, we are pretty sure we'll never attempt to do something like this again.
I'm torn by Anonymous Coward · 2016-05-19 13:37 · Score: 0

I'm torn here. On the one hand, anybody who takes part in encrypting other people's data and then demanding payment to get it back should die in a big vat of boiling oil (and there are literally no exceptions to this whatsoever in any circumstances) but on the other hand, getting into someone's computer and making it impossible for them to play games IS FUCKING HILARIOUS.
Also seems a bit pointless. "Oh noes, ransomware fucked up my games! Guess I'll take an hour out of my life and reinstall Windows."
Pfft. by Anonymous Coward · 2016-05-19 14:16 · Score: 0

An apology isn't enough. They need to visit Guantanamo for a few millenia.
Host by Anonymous Coward · 2016-05-20 02:51 · Score: 0

At the hosts file? How do you block malware at the hosts file? Is there someone on Slashdot who could tell me more about hosts files?
http://someonewhocares.org/hosts/