The group El Cometa, formerly SynAck, has released the master decryption keys for victims targeted between July 2017 and the beginning of 2021. Documentation for using the master keys has also been released.
What transpired?
The decryption key was given to a cybersecurity news publication on the group’s data leak site.
- After receiving the keys, the publication shared them with ransomware specialists and confirmed that they are legitimate and can be used to build a SynAck decryptor that recovers encrypted files for free.
- The news site will not release these keys to the general public, because the decryption process is complicated for non-technical users, and former SynAck victims could destroy their files while trying to recover older data.
- However, Emsisoft will develop its own safe, easy-to-use decryption tool, which will be available to the public in a few days' time.
SynAck Ransomware
- The SynAck ransomware commenced operations in August/September 2017 but was not an active gang. The most current activity was seen in 2018, and it gradually grew at the end of 2019.
- In late July the gang rebranded itself as the El Cometa Company and began operating as a ransomware-as-a-service (RaaS).
Others who have also released keys
SynAck is not the only group to release decryption keys. In the past few months, a number of ransomware groups have shut down or rebuilt.
- The REvil group mysteriously disappeared last month, after the ransomware attack on Kaseya. However, the decryption key was received only three weeks after the attack.
- Other ransomware groups that have disclosed their master decryption keys in the past include Avaddon, TeslaCrypt, AES-NI, Shade, Crysis, Ziggy, FonixLocker, and FilesLocker.
Rebranding is increasingly becoming a major trend in ransomware, as many leading gangs have taken this route in recent months. In certain situations, rebranding was also noted to be the result of heightened pressure from law enforcement. Organizations, security professionals, and researchers must therefore keep their guard up.