TeslaCrypt ransomware changes its name to Alpha Crypt

For those with AlphaCrypt and the .ezz file extension, I've read reports (can't find the link now though) that if you change the extension from ezz to ecc and then run the Talos tool, it works.

what is talos tools? if change extension AlphaCrypt say success but files are broken

Hi joeyjr

Talos is a group affiliated with CISCO that recently created a free decryption utility for files encrypted with TeslaCrypt. However, if you are infected with AlphaCrypt this tool will not work. Hence why it says that the decryption was successful, but the files are still broken, because you made it believe that you had files infected with TeslaCrypt.

Thks, no solution yet ... isnt?

Is there any malware software that will 'see' Alpha Crypt' and then delete all the files associated with it? I really do not want to pay these thieves so I am thinking I will try to do whatever I can to either live without the precious files and hundreds of pictures... of mine or recreate some of the files but I along that line, I need to know that my machine has been cleansed of the virus.

I just tried Malwarebytes and it did not see it on the machine even though the banner to pay is still active and I have a couple of days left to pay.

Does anyone know if someone has had any success by paying the the thieves the ransom?  At some point it's the cost of doing business, though, I really hate perpetuating this thievery.

any news for ezz files?

What is the best Malware detector to ensure location and eradication of the virus?

Thank you

For what it is worth, here is what I've tried with my .ezz files.  It hasn't resulted in any success in any way, however, it might work for others depending on the variant.

1. Found the key.dat and all .EZZ files

2. Ran Teslacrypt on all .EZZ files, however, EZZ is ignored by the current version in Teslacrypt.

3. Mass renamed all .Ezz files to .ECC and reran Teslacrypt.  It removes the file extension .ecc and completes, however the files are garbled, or still encrypted.

4. Tried to use RakhniDecryptor to 'decrypt' a file however, after 20 minutes I realised even if it did work, there sheer amount of files would make this too long of a process.

Awaiting a update to Teslacrypt to handle the newest variant for Alphacrypt.

Brian

3. Mass renamed all .Ezz files to .ECC and reran Teslacrypt. It removes the file extension .ecc and completes, however the files are garbled, or still encrypted.
4. Tried to use RakhniDecryptor to 'decrypt' a file however, after 20 minutes I realised even if it did work, there sheer amount of files would make this too long of a process.

 

You are basically re-encrypting files that are already encrypted, and expect a decrypter to work on them. It won't.

 

I'm not 100% sure how I re-encrypted the files by simply renaming them and trying the decrypter.  I didn't run the decrypter twice on the same set of files.  I suppose what i wrote indicates that.

In any event, you're right, it doesn't and won't work.

Ahh, I see.  That makes sense.  I made copies from the original .ezz files, so I always have those if a fix presents itself.

Ahh, I see.  That makes sense.  I made copies from the original .ezz files, so I always have those if a fix presents itself.