Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
SynAck ransomware gang releases decryption keys for old victims
#1
https://therecord.media/synack-ransomwar...d-victims/            Catalin Cimpanu August 12, 2021
SynAck ransomware gang releases decryption keys for old victims


EXLCUSIVE – The El_Cometa ransomware gang, formerly known as SynAck, has released today master decryption keys for the victims they infected between July 2017 and early 2021.

The leaked keys were provided to The Record earlier today by an individual who identified themselves as a member of the former SynAck group.
El_Cometa_leaked_keys_files
Image: The Record

The keys have been verified as authentic by Michael Gillespie, a malware analyst at security firm Emsisoft and the creator of the ID-Ransomware service.

Gillespie told The Record he was able to use the leaked decryption utilities and private keys to decrypt files from old SynAck attacks.
SynACK-verified-decryption
Image: The Record

The Record will not be making these keys generally available as the decryption process can be somewhat complicated for non-technical users, and former SynAck victims who may try to decrypt older data might end up damaging files even further.

Instead, Gillespie said that Emsisoft would be developing its own decryption utility that will be safer and easier to use, which they will be releasing within the next few days.
Private keys released as group prepares to launch new RaaS

First spotted in July 2017, the SynAck gang is one of today’s oldest ransomware groups still in operation.

While the group had a strong start with somewhat large distribution campaigns, the group also turned heads at the time because of some clever work on its encryption routines and the use of the process doppelgänging to evade antivirus detection, the first ransomware strain to do so.

However, as time passed, other ransomware operations grew larger. While the SynAck group continued to infect victims, its statistics were not in the same category as attacks carried out by larger operations like REvil, Netwalker, Ryuk, or BitPaymer.

In an interview today, the SynAck group said they’ve decided to release master decryption keys for old victims as they’ve now wound down the old SynAck operation and are focusing on a new one, which they launched last month and named El_Cometa.
El_Cometa_leak_site
Image: The Record

In addition, the group said that while they previously worked with only two outside “partners” on distributing SynAck, they now plan to considerably increase their operational model.

This will be done by launching a new Ransomware-as-a-Service (RaaS) platform, through which they plan to recruit more partners (also known as “affiliates”) to carry out attacks and infect victims with the new El_Cometa strain.

SynAck now becomes the second ransomware group that released its decryption keys this summer after the Avaddon operation released theirs in June before shutting down.        Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Ransomware gang uses new Microsoft Exchange exploit to breach servers tarekma7 0 770 12-21-2022 , 09:00 AM
Last Post: tarekma7
  Digital security giant Entrust breached by ransomware gang mrtrout 0 898 07-23-2022 , 12:02 AM
Last Post: mrtrout
  AstraLocker ransomware shuts down and releases decryptors mrtrout 0 641 07-05-2022 , 03:28 AM
Last Post: mrtrout
  RansomEXX ransomware Linux encryptor may damage victims' files mrtrout 0 794 09-30-2021 , 09:52 PM
Last Post: mrtrout
  Ragnarok ransomware operation shuts down and releases free decrypter mrtrout 0 723 08-27-2021 , 06:45 AM
Last Post: mrtrout



Users browsing this thread: 4 Guest(s)