
SynAck ransomware releases decryption keys after El_Cometa rebrand



The SynAck ransomware gang released the master decryption keys for their operation after rebranding as the new El_Cometa group.

When ransomware operations encrypt files, they usually generate encryption keys on a victim's device and encrypt those keys with a master encryption key. The encrypted key is then embedded in the encrypted file or ransom note and can only be decrypted using the ransomware gang's master decryption keys (private keys).

Today, the SynAck ransomware operation released the master keys, the gang's decryptors, and a guide on using the master keys, and shared them on their data leak site and with the cybersecurity news site TheRecord.

Master decryption keys released on El_Cometa leak site

After receiving the keys, TheRecord shared them with ransomware expert Michael Gillespie, who verified that the keys are legitimate and will be making a SynAck decryptor so victims can recover their files for free.

Emsisoft CTO Fabian Wosar told BleepingComputer that the archive contains a total of sixteen master decryption keys.

Keys released after rebranding to El_Cometa

The SynAck ransomware operation launched in August/September 2017 but was never a very active group. Their peak activity was in 2018 but slowly tapered off at the end of 2019.

ID Ransomware submissions from SynAck victims
Source: ID Ransomware

At the end of July 2021, the ransomware group rebranded as El_Cometa and became a ransomware-as-a-service (RaaS), where they recruit affiliates to breach corporate networks and deploy their encryptor.

El_Cometa ransomware data leak site

While it is not common for ransomware gangs to release master decryption keys, it has happened in the past when operations shut down or rebrand to a new name.

Other ransomware gangs that have released master decryption keys include Avaddon, TeslaCrypt, Crysis, AES-NI, Shade, FilesLocker, Ziggy, and FonixLocker.
