Who Is Behind The Stuxnet Lookalike, Regin Malware? Evidence Suggest British And American Spies
Evidence Shows U.S., U.K. Intelligence Behind Regin WidespreadReuters

Ransomware are pretty simple with regard to how they work. Once installed on a computer, they quickly encrypt the user's hard drive and demand payment in exchange for decryption. Teslacrypt is one such ransomware, but its creators seem to have had a change of heart when somebody asked them nicely to share the decryption key.

A researcher for cybersecurity firm ESET had apparently noticed that the creators of the ransomware weren't as active when it came to distributing or developing their product. So, he reportedly contacted the creators through the chat window in the payment page, asking whether they would share the decryption key, and the creators agreed. They even published the key on the ransomware's payment page.

When the ESET researcher who had reportedly been studying the ransomware asked for the key, the creators reportedly put it up on their now-defunct payment site to which victims are redirected.

A ESET user, who goes by the name BloodDolly, used the key to upgrade his existing decryption software TeslaDecoder, which is freely available at BleepingComputer. The page also offers detailed instructions with regard to how the disk can be decrypted with the tool and data retrieved.

Geek.com reported that Teslacrypt works by snooping around users' computers, looking for game data. Once it finds the save files as well as Steam, RPG Maker, Unity, and Unreal Engine files, it encrypts them.