decryptor

Emsisoft has released a decryptor for the SynAck Ransomware, allowing victims to decrypt their encrypted files for free.

The SynAck ransomware gang launched its operation in 2017 but rebranded as the El_Cometa gang in 2021.

As part of this rebranding, the threat actors released the master decryption keys and documentation for their encryption algorithm on their Tor data leak site.

SynAck master decryption keys released by threat actors
SynAck master decryption keys released by threat actors

SynAck decryptor released

Today, Emsisoft has released a SynAck ransomware decryptor that works on all variants and allows victims to recover their files for free.

After downloading the decryptor, simply run the program and browse to a ransom note. After selecting the ransom, press the Start button and the decryption key will be detected.

Generating a SynAck decryption key from the ransom note
Generating a SynAck decryption key from the ransom note

After pressing the OK button, the decryptor will load your decryption key, and you can now begin decrypting files.

As you can see from the image below, we could decrypt a test file using the key extracted from the bundled ransom note.

Decrypting a file using the SynAck decryptor
Decrypting a file using the SynAck decryptor

You can delete the leftover encrypted files after you have decrypted your files and determined that they are opening correctly.

For those who need help using the decryptor, please read this page first, and if that does not help, feel free to ask in our forums for further assistance.

Related Articles:

HelloKitty ransomware rebrands, releases CD Projekt and Cisco data

REvil hacker behind Kaseya ransomware attack gets 13 years in prison

French hospital CHC-SV refuses to pay LockBit extortion demand

Philadelphia Inquirer: Data of over 25,000 people stolen in 2023 breach

Change Healthcare hacked using stolen Citrix account with no MFA