The unknown criminals beyond the recently-launched SynoLocker malware have announced their retirement, offering to sell as-yet unclaimed decryption keys to all comers for 200 Bitcoins.
The attackers behind the SynoLocker malware have threatened to close their ransom site and delete all unclaimed decryption keys, offering the whole database for 200 Bitcoins.
SynoLocker, a modified version of CryptoLocker, was discovered earlier this month
when Synology DiskStation NAS owners found themselves locked out of their devices. Exploiting a bug Synology claims was fixed for all support DiskStation Manager (DSM) versions back in December, SynoLocker removed access to the control panel before working methodically through the files stored on all connected drives to encrypt them. Access to the encrypted files would then require a key - available, conveniently, from the attackers for 0.6 Bitcoins (around £210) if the user acts quickly, with the fee rising with time.
Engineers at anti-malware firm F-Secure have discovered that the attackers behind SynoLocker are looking to retire. In an analysis posted to the company's official website
, the team at F-Secure noticed a change to the page demanding payment: claims that 5,500 decryption keys - each one representing an individual SynoLocker infection, and required to unlock affected files - are still unclaimed. This cache of unused decryption keys, useless to anyone but the owner of the infected NAS, is being offered for 200 Bitcoins - just shy of £61,000 at current exchange rates.
The sale of the database comes as those behind SynoLocker threaten to delete the website and the key database in the very near future. If they make good on their promises, those who have not yet restored their files from a backup or shelled out for their decryption key would lose all access to their files for good - unless, of course, someone with £61,000 to spare buys the database and offers their own decryption service.