F-Secure helps victims decrypt SynoLocker files
Finnish security company F-Secure has released software that can recover files encrypted by the SynoLocker ransomware. For this, however, a ransom must be paid to the cyber criminals first, because the decryption code is required.
SynoLocker secretly encrypts files on a Synology NAS. Then, the user is presented with a warning, in which the criminals demand a ransom. They make a false promise. “In most of the cases we investigated, the decryption did not work or the decryption code was incorrect,” the Finnish security company said.
However, the hope of recovering the data is not lost, says F-Secure. “With the correct decryption code, it is still possible to recover the data. To make this possible, we released a Python script that can be used to decrypt the files.”
According to the Finns, the Synounlocker script, which has been released on GitHub, does not use bruteforce or crack the encryption of the ransomware. “It only works if the correct decryption code is known,” the blog post reads.
The first cases of SynoLocker were discovered early this month. Users complained that their nas had been hit by the malware, requiring them to pay hundreds of dollars to get back to their files. The method is reminiscent of CryptoLocker, another notorious ransomware that has affected many users.