SynAck ransomware has just shared their master and all decryption keys to the public, as they rebrand themselves as El_Cometa now.
The dumped keys are verified to be true, and an expert is already working to make a free decryptor for unlocking files. The SynAck group is not so active but has been in existence for 4 years.
SynAck Ransomware Decryption Keys
It’s usual for ransomware groups to cease activities for various reasons after having some fine time. These could be for personal interests or increasing pressure from authorities. Finally, they halt all the activities and walk away for good.
And when they do, most groups release the core resources of their malicious activities, like decryption keys for free. After all, this is them being nice after having enough fun and money.
A successful ransomware operation includes encrypting the systems by generating encryption keys on the “victim’s device and encrypt those keys with a master encryption key.”
“The encrypted key is then embedded in the encrypted file or ransom note and can only be decrypted using the ransomware gang’s master decryption keys (private keys).”
In this case, the SynAck ransomware group has released the master keys, decryptors, and a manual on using the master keys on their dark web data leak site and shared them with the TheRecord media.
This was later shared with Michael Gillispie, a ransomware expert, and proved to be true. He’s now preparing a free decryptor to help victims of this ransomware group to unlock files if encrypted.
This incident comes after the SynAck ransomware group rebranded themselves as El_Cometa, after being in service for nearly 4 years now. Since its inception in 2017, SynAck ransomware has never recorded sharp hits and slowed down completely in 2019.