{
	"id": "fd1d1dbb-9f8a-4eef-9bd7-a53f872adf36",
	"created_at": "2026-04-06T01:30:17.4055Z",
	"updated_at": "2026-04-10T13:11:31.041941Z",
	"deleted_at": null,
	"sha1_hash": "865d5c3724c5194b324e6d56275fd275a80e84f1",
	"title": "SynAck ransomware gang releases decryption keys for old victims",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 167509,
	"plain_text": "SynAck ransomware gang releases decryption keys for old victims\r\nBy Catalin Cimpanu\r\nPublished: 2022-12-13 · Archived: 2026-04-06 01:08:30 UTC\r\nEXLCUSIVE – The El_Cometa ransomware gang, formerly known as SynAck, has released today master\r\ndecryption keys for the victims they infected between July 2017 and early 2021.\r\nThe leaked keys were provided to The Record earlier today by an individual who identified themselves as a\r\nmember of the former SynAck group.\r\nThe keys have been verified as authentic by Michael Gillespie, a malware analyst at security firm Emsisoft and\r\nthe creator of the ID-Ransomware service.\r\nGillespie told The Record he was able to use the leaked decryption utilities and private keys to decrypt files from\r\nold SynAck attacks.\r\nhttps://therecord.media/synack-ransomware-gang-releases-decryption-keys-for-old-victims/\r\nPage 1 of 4\n\nThe Record will not be making these keys generally available as the decryption process can be somewhat\r\ncomplicated for non-technical users, and former SynAck victims who may try to decrypt older data might end up\r\ndamaging files even further.\r\nInstead, Gillespie said that Emsisoft would be developing its own decryption utility that will be safer and easier to\r\nuse, which they will be releasing within the next few days.\r\nPrivate keys released as group prepares to launch new RaaS\r\nFirst spotted in July 2017, the SynAck gang is one of today's oldest ransomware groups still in operation.\r\nWhile the group had a strong start with somewhat large distribution campaigns, the group also turned heads at the\r\ntime because of some clever work on its encryption routines and the use of the process doppelgänging to evade\r\nantivirus detection, the first ransomware strain to do so.\r\nHowever, as time passed, other ransomware operations grew larger. While the SynAck group continued to infect\r\nvictims, its statistics were not in the same category as attacks carried out by larger operations like REvil,\r\nNetwalker, Ryuk, or BitPaymer.\r\nIn an interview today, the SynAck group said they've decided to release master decryption keys for old victims as\r\nthey've now wound down the old SynAck operation and are focusing on a new one, which they launched last\r\nmonth and named El_Cometa.\r\nhttps://therecord.media/synack-ransomware-gang-releases-decryption-keys-for-old-victims/\r\nPage 2 of 4\n\nIn addition, the group said that while they previously worked with only two outside \"partners\" on distributing\r\nSynAck, they now plan to considerably increase their operational model.\r\nThis will be done by launching a new Ransomware-as-a-Service (RaaS) platform, through which they plan to\r\nrecruit more partners (also known as \"affiliates\") to carry out attacks and infect victims with the new El_Cometa\r\nstrain.\r\nSynAck now becomes the second ransomware group that released its decryption keys this summer after the\r\nAvaddon operation released theirs in June before shutting down.\r\nUpdate on August 20: Emsisoft has released a decrypter for the SynAck ransomware, which is available for\r\ndownload here.\r\nhttps://therecord.media/synack-ransomware-gang-releases-decryption-keys-for-old-victims/\r\nPage 3 of 4\n\nCatalin Cimpanu\r\nis a cybersecurity reporter who previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement\r\nactions against hackers.\r\nSource: https://therecord.media/synack-ransomware-gang-releases-decryption-keys-for-old-victims/\r\nhttps://therecord.media/synack-ransomware-gang-releases-decryption-keys-for-old-victims/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://therecord.media/synack-ransomware-gang-releases-decryption-keys-for-old-victims/"
	],
	"report_names": [
		"synack-ransomware-gang-releases-decryption-keys-for-old-victims"
	],
	"threat_actors": [],
	"ts_created_at": 1775439017,
	"ts_updated_at": 1775826691,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/865d5c3724c5194b324e6d56275fd275a80e84f1.pdf",
		"text": "https://archive.orkl.eu/865d5c3724c5194b324e6d56275fd275a80e84f1.txt",
		"img": "https://archive.orkl.eu/865d5c3724c5194b324e6d56275fd275a80e84f1.jpg"
	}
}