Connect with us

Cyber Security

SynAck ransomware releases decryption keys after El_Cometa rebrand

Published

on

The SynAck ransomware gang released the master decryption keys for their operation after rebranding as the new El_Cometa group.

When ransomware operations encrypt files, they usually generate encryption keys on a victim’s device and encrypt those keys with a master encryption key. The encrypted key is then embedded in the encrypted file or ransom note and can only be decrypted using the ransomware gang’s master decryption keys (private keys).

Today, the SynAck ransomware operation released the master keys, the gang’s decryptors, and a manual on using the master keys, and shared them on their data leak site and with the cybersecurity news site TheRecord.

Master decryption keys released on El_Cometa leak site
Master decryption keys released on El_Cometa leak site

After receiving the keys, TheRecord shared them with ransomware expert Michael Gillespie who verified that the keys are legitimate and will be creating a SynAck decryptor so victims can recover their files for free.

Emsisoft CTO Fabian Wosar told BleepingCompuer that the archive contains a total of sixteen master decryption keys.

Keys released after rebranding to El_Cometa

The SynAck ransomware operation launched in August/September 2017 but was never a very active group. Their most activity was in 2018 but slowly tapered off at the end of 2019.

ID Ransomware submissions from SynAck victims
ID Ransomware submissions from SynAck victims
Source: ID Ransomware

At the end of July 2021, the ransomware group rebranded as El_Cometa and became a ransomware-as-a-service (RaaS), where they recruit affiliates to breach corporate networks and deploy their encryptor.

El_Cometa ransomware data leak site
El_Cometa ransomware data leak site

While it is not common for ransomware gangs to release master decryption keys, it has happened in the past when operations shut down or rebrand to a new name.

Other ransomware gangs that have released master decryption keys include AvaddonTeslaCryptCrysisAES-NIShadeFilesLockerZiggy, and FonixLocker.

Source: https://www.bleepingcomputer.com/news/security/synack-ransomware-releases-decryption-keys-after-el-cometa-rebrand/

Advertisement
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Copyright © 2023 Cyber Reports Cyber Security News All Rights Reserved Website by Top Search SEO