White hats bake TeslaCrypt master key into universal decryptor

The authors of the TeslaCrypt ransomware have handed over their master keys in what appears to be a decision to kill off the net menace. An Eset researcher noticed the gradual decline of TeslaCrypt and, posing as a victim, asked the malware authors for a key. The authors surprisingly offered a free master key and the security …

  1. Mark 85

    So they handed over the keys to TeslaCrypt... Since these types hate to lose income, I wonder what they're up to? A bigger and better ransomware in the wings?

    1. Anonymous Coward

      Agreed.

      The chances of this being a charitable move seem a bit unlikely. Methinks a more potent version is on the cards. If the original crudware made em $$$ then another, better, faster, stronger version will surely have the same effect.

      Of course, according to our leaders, banning all encryption technologies would mitigate this scenario.

      #Sarc

    2. Nigel 11

      Another possibility

      A three-letter agency tracked the criminals down and gave them two choices: terminate the malware themselves without prejudice, or be terminated themselves with extreme prejudice.

      This stuff is costing hard-pressed governments billions, and could cost the people in power their positions. So the James Bond approach is not unlikely.

      1. Seajay#

        Re: Another possibility

        I think the James Bond approach is very unlikely.

        If the FBI can credibly threaten you with harm, they can arrest you. Even if they didn't want to prosecute because they didn't want to reveal their methods, why would they want to turn down the great publicity they wouldn't get for releasing the key?

        "Here's the key to get your family photos back Senator. By the way, the Federal funding review is coming up soon. Also, how are things going with those new laws to remove that pesky Fourth Amendment?"

    3. phuzz Silver badge

      Or whoever was running it has got a proper job now and doesn't want the risk of running a malware campaign.

      I guess replying to all the emails and key requests must have been quite a lot of effort too. It turns out crime is actually a full-time job that doesn't really pay that well.

    4. NoneSuch Silver badge

      "Organisations should keep backups of important data in offline sources and have a response plan in place should ransomware hit their networks."

      The IT Response Plan: Sack the meathead responsible for browsing hard core porn sites on their work laptop causing several thousand dollars in IT Dept. time and effort to reverse.

      The Executives' Response Plan: Cut the VP of Marketing some slack. It won't happen again.

  2. bigphil9009

    Brings back memories

    Ahhh, the ASCII art in that screenshot - reminds me of the 1990s. Now get off my lawn!

    1. Alister

      Re: Brings back memories

      Ahh, them were the days, when graphics had real weight to them, proper blocks of colour, none of yer new-fangled pixel rubbish.

      1. Stevie

        Re: Brings back memories

        Aye, an' y' 'ad ter stand in t'next rum ter see the shadin' proper, like.

  3. goldcd

    Simply cashing out?

    Once you've made your big pile of ransom money, next thing you worry about is getting to keep it.

    Should you wish to help focus the attention of the authorities elsewhere, this seems an exceptionally good way of doing it.

    Teslacrypt is no longer a threat, so who's going to be going to their boss to justify tracking them down now?

    1. Law

      Re: Simply cashing out?

      Pretty sure law enforcement doesn't just say "it's all in the past, all is forgiven!! No no - keep your ill-gotten gains, we're good now!"

      Well... not unless you're a politician or business tycoon anyway.

      1. Anonymous Coward

        Re: Simply cashing out?

        Or someone from inside their org decided to make A LOT of $ and gave out the source code with a promise not to prosecute. Look for new neighbours in the Caymans.

      2. Seajay#

        Re: Simply cashing out?

        Pretty sure law enforcement doesn't just say "it's all in the past, all is forgiven!! No no - keep your ill-gotten gains, we're good now!"

        True but they do say "Right, we've got a very limited pool of cyber investigators. Where do we deploy them? Investigating Cryptoxxx which is the biggest threat and can't be decrypted or investigating TeslaCrypt which was big a few months back but now isn't generating any new infections and has a decryption tool out?"

    2. Aodhhan

      Re: Simply cashing out?

      Good point.

      Also a huge attack on someone's conscience, and a fear coinciding with realising the victims are in many countries. This is a lot of jurisdictions and a lot of time you'll get. I'm thinking I wouldn't want to end up in an eastern European or Russian prison (or both) for the next 3 years times however many jurisdictions want to prosecute you.

      In about 6-12 months, this individual may be able to sleep comfortably and enjoy his life without fear of authorities clamping down on him.

  4. Doctor Syntax Silver badge

    I'm surprised that the link in the article is direct to an executable rather than to the parent page. This link might be more informative: http://www.bleepingcomputer.com/news/security/teslacrypt-shuts-down-and-releases-master-decryption-key/

  5. well meaning but ultimately self defeating

    Conspiracy Theory Alert

    Unless of course, the well-meaning Eset researcher him/herself was indeed the criminal mastermind behind this, and in an attack of conscience decided to atone for the evil they had committed.

  6. Anonymous Coward

    I think a more plausible suggestion as to the why is that this ransomware is being used by multiple groups, and this person decided that the best way to gain a better market share with a new ransomware was to render the previous version useless before those affected closed some of the attack vectors.

  7. jzl

    Sorry

    The main page includes the word "sorry" displayed fairly prominently.

    I wonder if the simple explanation might be a possibility - the TeslaCrypt author had an attack of conscience. Stranger things have happened, after all.

    1. Small Furry Animal

      Re: Sorry

      I'd be inclined to believe this if, and only if, the word 'Sorry' was followed by '... and here's your money back.'

      1. jzl

        Re: Sorry

        Fair point, although I expect the developer doesn't have the money.

  8. Anonymous Coward

    So after the last Reg article...

    suggested paying up? We now get a free release? Yeah, as said, don't pay the ransoms.

    1. Prst. V.Jeltz Silver badge

      Re: So after the last Reg article...

      @TechnicalBen,

      I think that waiting and hoping that the cryptoware authors have an attack of conscience and just hand over the keys is not really a realistic option. Although, granted, it appears to have worked in this case.

      It's similar thinking to "I play the lottery, despite astronomical odds that the human brain can't even grasp properly, because 'Someone Has To Win It'"

      which isn't even true.

      1. Seajay#

        Re: So after the last Reg article...

        It depends how urgently you need the data.

        - Rarely the keys get handed over.

        - Occasionally the perpetrators are caught and the keys seized.

        - Fairly often a weakness is found in the encryption.

        All of those can happen on a ~1 year timescale.

        Computing power continues to increase; IBM recently made a quantum computer available on the net. Given 10 years, I wouldn't be surprised if the great majority of current encryption is broken.

        That's too long to wait if your lost data is the sole copy of your dissertation which needs to be handed in next week. If it's just your honeymoon photos which you would prefer to have back but aren't disastrous to lose, it could be worth the wait.

  9. This post has been deleted by its author

  10. Anonymous Coward

    Alternate theory

    The author is tired of his relatives phoning him up asking how to get rid of the ransomware they installed by accident.

  11. casaloco

    I would suggest...

    I would suggest they held the wrong people to ransom, and someone made it rather clear they should leave quietly if they wanted to live. Imagine someone high-up in the Russian Mafia getting one of these demands. "Find him, cut his balls off and stuff them in his mouth".

    1. Anonymous Coward

      Re: I would suggest...

      More likely, find him and get him to work for us. Russian crime gangs are probably behind at least half of them.

  12. Whiznot

    I'm not making an accusation but always consider the possibility of collusion between the white hats and the black hats. Without the black hats the white hats are kaput.
