Ranked as the third most popular ransomware threat by Fortinet, TeslaCrypt has been a major annoyance and destructive force for victimized computer users across the globe for well over a year now. Today, the saying "what goes up must come down" rings true for TeslaCrypt Ransomware and its authors as they have shut down operations and provided a free decryption master key to decrypt any files encrypted by the malware threat.
TeslaCrypt Ransomware has been among the most aggressive threats in the landscape of malware that encrypts files on an infected computer. Through its relentless destructive actions, TeslaCrypt has managed to collect ransom fees ranging from $500 to $1000 in Bitcoin funds from countless victims. In doing so, TeslaCrypt has made its operators a fortune. Now, that money train has reached the end of its tracks, as the operators of TeslaCrypt are supposedly calling it quits and providing all users who may still be infected with the ransomware threat a master decryption key that will decrypt files encrypted by TeslaCrypt.
The discovery that TeslaCrypt's operators were shutting down their operations comes from an ESET researcher who contacted the operators through their ransom website hosted on the Dark Web. The cybercrooks running TeslaCrypt's operations made it clear in their statement: "Project closed. Master key for decrypt [KEY] Wait for other people make universal decrypt software. We are sorry!"
The decryption master key provided by TeslaCrypt's operators appears to work on all recent variations of the ransomware threat, including TeslaCrypt versions 3 and 4, which are known to append a secondary file extension to each encrypted file using .micro, .mp3, .ttt, or .xxx. We are aware of the aggressive nature of TeslaCrypt and of the many other crypto-ransomware threats that use AES encryption, which cannot be defeated without the key. Fundamentally, without a valid decryption key, files encrypted by TeslaCrypt could not be decrypted. Victimized computer users were left with few options other than restoring their entire hard drive from a clean backup copy.
Just before the demise of TeslaCrypt operations, we noticed a drastic slowdown in the number of computer users seeking a solution for removing the ransomware threat from their infected computers. We have yet to confirm whether there was a correlation between the shutdown of TeslaCrypt operations and the slowdown in infection rates. However, we can speculate that there is a connection.
As for why the operators shuttered the spread and infection of TeslaCrypt Ransomware, we can conclude that they have moved on to other ransomware threats. While the operators may focus their efforts on other ransomware threats, they may have made the wrong decision, as we have seen cases of the distribution networks of recent ransomware coming under attack. Furthermore, there aren't many other threats that have proved to be as effective as TeslaCrypt was during its prime.
There have been many interesting activities taking place in the landscape of ransomware threats in recent months. Cybercrooks and ransomware operators must have a grand scheme in place that we are not quite following, as we view some of their efforts as being somewhat debilitated. Nevertheless, there are still many aggressive ransomware threats chugging along, with no end to their run in sight.