SynAck Ransomware Rebrands, Releases Old Decryption Keys

What happened?

• After receiving the keys, The Record shared them with ransomware experts who then confirmed that the keys are legitimate and can be used to create a SynAck decryptor for the recovery of encrypted files for free.
• The news site will not be making these keys available for the general public as the decryption process is complex for non-technical users and former SynAck victims may damage their files during the recovery of older data.
• However, Emsisoft would be creating its own decryption tool that will be easy to use and safe. The tool will be released for public use within a few days.

About SynAck

• The SynAck ransomware operation first started in August/September 2017 but it was not an active group. The most recent activity was spotted in 2018, which slowly increased at the end of 2019.
• In late July, the group rebranded itself as El_Cometa and started operating as Ransomware-as-a-Service (RaaS) and started recruiting affiliates to breach target networks.

Other ransomware gangs that released keys

• In the last month, after ransomware attacks on Kaseya, the REvil group disappeared suddenly. However, the decryption key was received just three weeks after the attack.
• Other ransomware groups that have released their master decryption keys in the past are identified as Avaddon, TeslaCrypt, AES-NI, Shade, Crysis, Ziggy, FonixLocker, and FilesLocker.

Conclusion