SynAck ransomware group releases decryption keys as they rebrand to El_Cometa | ZDNet

The SynAck ransomware gang has released decryption keys for victims that were infected between July 2017 and 2021, according to data obtained by The Record

SynAck is in the process of rebranding itself as the El_Cometa ransomware gang and a member of the old group gave the keys to The Record. 

Emsisoft’s Michael Gillespie confirmed the veracity of the decryption keys and said they are working on their own decryption utility that they believe will be “safer and easier to use” because there are concerns that SynAck victims may damage their files further using the provided keys. 

Ransomware expert Allan Liska told ZDNet that the SynAck ransomware group started right before Ransomware-as-a-service began to take off in 2018. 

“So they never outsourced their ransomware activities. While they continued attacks, there weren’t nearly as many as groups like Conti or REvil were able to conduct, so they got lost in the shuffle,” Liska said. “They also didn’t hit any really big targets.”

A Kaspersky Lab report in 2018 said SynAck differentiated itself in 2017 by not using a payment portal and instead demanding victims arrange payment in Bitcoin through email or BitMessage ID. 

They generally demanded ransoms around $3,000 and gained notoriety for using the Doppelgänging technique, which targets the Microsoft Windows operating system and is designed to circumvent traditional security software and antivirus solutions by exploiting how they interact with memory processes.

There is little data on victims of the ransomware group but Kaspersky Lab researchers said they observed attacks by the gang in the US, Kuwait, Germany and Iran.

“The ability of the Process Doppelgänging technique to sneak malware past the latest security measures represents a significant threat; one that has, not surprisingly, quickly been seized upon by attackers,” said Anton Ivanov, lead malware analyst at Kaspersky Lab. 

“Our research shows how the relatively low profile, targeted ransomware SynAck used the technique to upgrade its stealth and infection capability. Fortunately, the detection logic for this ransomware was implemented before it appeared in the wild.”

A SynAck representative told The Record that the group plans to launch a new Ransomware-as-a-service platform and recruit affiliates to help with their work on El_Cometa. 

Multiple ransomware groups, like Avaddon and Prometheus, have released decryption tools in recent months, either in an effort to rebrand or due to increased law enforcement activity. 

For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.