SyncCrypt ransomware applies a new disguise

SyncCrypt virus operates as crypto-virus which encode files with AES cipher and demand ransom. After the encryption is finished, the malware appends .kk file extension.[1] Further instructions are provided in AMOUNT.txt and readme.html files. Besides that, readme.png is dropped on a victim’s computer as well.
Felons urge victims to send the exact amount of bitcoins to the indicated address and within 48 hours. Otherwise, the files are supposed to be lost.
In case netizens encounter technical difficulties, they can contact the perpetrators via the three indicated email addresses: getmyfiles@keemail.me, getmyfiles@mail2tor.com and getmyfiles@scryptmail.com. However, there is no certainty that the perpetrators will send the files back. Instead, it would be wiser to initiate SyncCrypt removal. You can do it faster with the assistance of FortectIntego or MalwarebytesMalwarebytes.
Ransomware market is booming
After the strike of WannaCry and Petya, there has been a surge in copy crypto-malware appearing. Inspired by the destructive and mass-scale damage inflicted by the latter threats, authors of other viruses wanted to share the minute of glory as well.
Speaking of this threat, it does not seem to imitate the former threats. In fact, it operates quite ordinary, as it encodes the files and then opens the files with further instructions. As common for file-encrypting threats, the perpetrators also set the time limit. However, it is a common strategy among to exert pressure on victims. Instead of complying with the demands, you should remove SyncCrypt right away.
2017 August update: crypto-virus employs several disguise methods
While the threat has recently emerged, it already presents several unique features. Now it targets users with an insidious technique. The spam email contains Windows Script File (WSF)[2] file which downloads arrival.jpg[3] or alternatively named image.
Nonetheless, it only serves as a disguise for the embedded .zip file. Unfortunately, it contains the main payload of the malware. This technique gives an immunity to the virus. Nonetheless, some security tools still detect it. SyncCrypt, indeed,
presents cunning features. Even a victim does not open the .jpg file, the .zip content is still downloaded. Within a while, sync.exe, readme.html and readme.png files are dropped[4]. All crucial files are encoded and now contain .kk file extensions.
SyncCrypt virus also presents another exceptional feature: when the encryption process is done, the malware opens the image taken from Olafur Arnalds' album “…They Have Escaped the Weight of Darkness” cover. The tendency to append such extension also reminds of KKK ransomware. Unfortunately, there is no official decrypter released for the virus.
Transmission techniques remain the same
When it comes to ransomware, you can expect it to target victims via:
- Spam emails
- keygens
- browser extensions[5]
- rogue software
- exploit kits
Elaborating on the first method, users can cease the infection simply by ignoring the email which is supposedly sent by the FBI or the court sending subpoena. Such emails often contain fake invoices attached. Recent Locky variation, Diablo6 ransomware perfectly illustrates such distribution technique.
Speaking of exploit kits[6], users cannot simply cease the assault as it is not visible. In that case, rely on malware elimination software.
Delete SyncCrypt crypto-virus
Indeed, a file-encrypting threat is no ordinary computer virus, but there are still ways to counterattack it. Without nurturing naïve expectations on perpetrators’ sense of conscience, remove SyncCrypt virus. If your anti-virus and anti-spyware tools do not respond, reboot the system in Safe Mode.
Note that at the moment there is no official SynCrypt Decrypter available yet, avoid installing the one promoted by cyber perpetrators. After you remove SyncCrypt virus, take a look at the below data recovery instructions. There is no information whether the malware targets any particular country, so even if you reside in Finland[7] or France, be vigilant.
Was this guide helpful?
Be the first to comment