SynAck ransomware operators published decryption keys

SynAck decryption keys
Written by Emma Davis

The hack group El_Cometa, formerly known as SynAck, released keys to decrypt data that had suffered from attacks by their ransomware between July 2017 and early 2021.

The keys were provided to The Record by a man who introduced himself as a former member of the group SynAck.

The authenticity of the keys has already been confirmed by the well-known information security expert Michael Gillespie, an employee of Emsisoft and the creator of the ID-Ransomware service.

The specialist successfully used the provided data decryption utility and private keys to recover files damaged by old SynAck attacks.

SynAck decryption keys

Journalists decided not to publish the keys themselves, as “the decryption process can be somewhat difficult for untrained users,” and former SynAck victims may end up damaging their files even more.

Instead, Emsisoft will create its own data rescue tool that is safe and easy to use. The company promises to release this utility within the next few days.

The hack group SynAck, first discovered by experts back in July 2017, is one of the oldest ransomware groups to date.

While the group had a strong start with somewhat large distribution campaigns, the group also turned heads at the time because of some clever work on its encryption routines and the use of the process doppelgänging to evade antivirus detection, the first ransomware strain to do so. However, as time passed, other ransomware operations grew larger. While the SynAck group continued to infect victims, its statistics were not in the same category as attacks carried out by larger operations like REvil, Netwalker, Ryuk, or BitPaymer.The Record explains.

Hackers explain simply their decision to leak the old master keys for decrypting files: last month they stopped working on SynAck and focused on a new malware called El_Cometa.

In addition, the group said that while they previously worked with only two external “partners” to distribute SynAck, they now plan to significantly improve their operating model.

This will be done by launching a new Ransomware-as-a-Service (RaaS) platform through which they plan to attract more partners (also known as “affiliates”) to launch attacks and infect victims with the new El_Cometa strain.

Let me remind you that Universal decryption key of REvil appeared on the Russian-language hacker forum.

User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About the author

Emma Davis

I'm writer and content manager (a short time ago completed a bachelor degree in Marketing from the Gustavus Adolphus College). For now, I have a deep drive to study cyber security.

Leave a Reply