The SynAck ransomware gang released the master decryption keys for their operation after rebranding as the new El_Cometa group.
When ransomware operations encrypt files, they usually generate encryption keys on a victim’s system and encrypt those keys with a master encryption key. The encrypted key is then embedded in the encrypted file or ransom note and can only be decrypted using the ransomware gang’s master decryption keys (private keys).
Today, the SynAck ransomware operation released the master keys, the gang’s decryptors, and a manual on using the master keys, and shared them on their data leak site and with the cybersecurity news site TheRecord.
After receiving the keys, TheRecord shared them with ransomware expert Michael Gillespie, who verified that the keys are legitimate and will be making a SynAck decryptor so victims can recover their files for free.
Emsisoft CTO Fabian Wosar told BleepingComputer that the archive contains a total of sixteen master decryption keys.
Keys released after rebranding to El_Cometa
The SynAck ransomware operation launched in August/September 2017 but was never a very active group. Their highest activity was in 2018, but it slowly tapered off at the end of 2019.
At the end of July 2021, the ransomware group rebranded as El_Cometa and became a ransomware-as-a-service (RaaS), where they recruit affiliates to breach corporate networks and deploy their encryptor.
While it’s not common for ransomware gangs to release master decryption keys, it has happened in the past when operations shut down or rebrand to a new name.