bit-tech.net

SynoLocker team looks to sell decryption database

The attackers behind the SynoLocker malware have threatened to close their ransom site and delete all unclaimed decryption keys, offering the whole database for 200 Bitcoins.

The unknown criminals behind the recently-launched SynoLocker malware have announced their retirement, offering to sell as-yet unclaimed decryption keys to all comers for 200 Bitcoins.

SynoLocker, a modified version of CryptoLocker, was discovered earlier this month when Synology DiskStation NAS owners found themselves locked out of their devices. Exploiting a bug Synology claims was fixed for all supported DiskStation Manager (DSM) versions back in December, SynoLocker removed access to the control panel before working methodically through the files stored on all connected drives to encrypt them. Access to the encrypted files would then require a key - available, conveniently, from the attackers for 0.6 Bitcoins (around £210) if the user acts quickly, with the fee rising with time.

Engineers at anti-malware firm F-Secure have discovered that the attackers behind SynoLocker are looking to retire. In an analysis posted to the company's official website, the team at F-Secure noticed a change to the page demanding payment: claims that 5,500 decryption keys - each one representing an individual SynoLocker infection, and required to unlock affected files - are still unclaimed. This cache of unused decryption keys, useless to anyone but the owner of the infected NAS, is being offered for 200 Bitcoins - just shy of £61,000 at current exchange rates.

The sale of the database comes as those behind SynoLocker threaten to delete the website and the key database in the very near future. If they make good on their promises, those who have not yet restored their files from a backup or shelled out for their decryption key would lose all access to their files for good - unless, of course, someone with £61,000 to spare buys the database and offers their own decryption service.

2 Comments

leexgx 15th August 2014, 21:39
I thought we already had a free way to decrypt the data (send one of your encrypted files in and they send you a code back with instructions on how to undo what's been done)

Gareth Halfacree 16th August 2014, 08:15
Quote:
Originally Posted by leexgx
I thought we already had a free way to decrypt the data (send one of your encrypted files in and they send you a code back with instructions on how to undo what's been done)
Sadly not: that service is based on a leaked database of CryptoLocker keys; SynoLocker uses unique keys not present in said database.