Emsisoft has released a decryptor for the SynAck ransomware, allowing victims to decrypt their encrypted files for free.
The SynAck ransomware gang started in 2017, but was renamed the El_Cometa gang in 2021. As part of this rebranding, the attackers released master decryption keys and documentation for their encryption algorithm.As we previously reported, the keys were provided to The Record by a man who introduced himself as a former member of the SynAck group. The authenticity of the keys has already been confirmed by the well-known cybersecurity expert Michael Gillespie, an employee of Emsisoft and the creator of the ID-Ransomware service.
The hackers explain their decision to “merge” the old master keys for decrypting files simply:
In addition, the group said that while they previously worked with only two external “partners” to distribute SynAck, they now plan to significantly improve their operating model.
This will be done by launching a new Ransomware-as-a-Service (RaaS) platform through which they plan to attract more partners (also known as “affiliates”) to launch attacks and infect victims with the new El_Cometa strain.
Tre Record reporters chose not to publish the keys themselves, as “the decryption process can be somewhat difficult for untrained users,” and former SynAck victims may end up damaging their files even more.
And now, according to Bleeping Computer, Emsisoft has released the SynAck ransomware decoder, which works with all variants and allows victims to recover their files for free. The decoder can be found on this page.
After downloading the decoder, simply launch the program and navigate to the ransom note. After choosing the ransom, press the Start button and the decryption key will be revealed.
After clicking OK, the decryptor will download your decryption key and you can now start decrypting your files.