[TheRecord] SynAck ransomware gang releases decryption keys for old victims

EXCLUSIVE – The El_Cometa ransomware gang, formerly known as SynAck, today released master decryption keys for the victims it infected between July 2017 and early 2021.

The leaked keys were provided to The Record earlier today by an individual who identified themselves as a member of the former SynAck group.

The keys have been verified as authentic by Michael Gillespie, a malware analyst at security firm Emsisoft and the creator of the ID-Ransomware service.

Gillespie told The Record he was able to use the leaked decryption utilities and private keys to decrypt files from old SynAck attacks.

The Record will not be making these keys generally available as the decryption process can be somewhat complicated for non-technical users, and former SynAck victims who may try to decrypt older data might end up damaging files even further.

Instead, Gillespie said that Emsisoft would be developing its own decryption utility that will be safer and easier to use, which they will be releasing within the next few days.

Private keys released as group prepares to launch new RaaS

First spotted in July 2017, the SynAck gang is one of today’s oldest ransomware groups still in operation.

While the group had a strong start with somewhat large distribution campaigns, it also turned heads at the time because of some clever work on its encryption routines and its use of the Process Doppelgänging technique to evade antivirus detection, making it the first ransomware strain to do so.

However, as time passed, other ransomware operations grew larger. While the SynAck group continued to infect victims, its statistics were not in the same category as attacks carried out by larger operations like REvil, Netwalker, Ryuk, or BitPaymer.

In an interview today, the SynAck group said they’ve decided to release master decryption keys for old victims as they’ve now wound down the old SynAck operation and are focusing on a new one, which they launched last month and named El_Cometa.

In addition, the group said that while they previously worked with only two outside “partners” on distributing SynAck, they now plan to considerably expand their operational model.

This will be done by launching a new Ransomware-as-a-Service (RaaS) platform, through which they plan to recruit more partners (also known as “affiliates”) to carry out attacks and infect victims with the new El_Cometa strain.

SynAck now becomes the second ransomware group to release its decryption keys this summer, after the Avaddon operation released theirs in June before shutting down.

The post SynAck ransomware gang releases decryption keys for old victims appeared first on The Record by Recorded Future.
