Emsisoft releases a free decryptor for the Syrk ransomware

 In Blog

The Emsisoft malware team has just released a new free decryption tool for the Syrk ransomware strain, which was first brought to our attention by @Leotpsc.

If you have been infected with this ransomware, please download the FREE decryption tool linked below and DO NOT PAY the ransom. A detailed guide is also included.

  • Download the Syrk decryptor here.
Emsisoft Syrk Decryptor

Emsisoft Syrk Decryptor

Technical details

Syrk masquerades as a free game hack tool for Fortnite. It claims to help users aim more accurately (aimbot) and know the in-game locations of other players (ESP). However, Syrk does much more than help players cheat their way to victory. It also disables your antivirus software and attempts to encrypt and delete files in the Pictures, Desktop and Documents folders. Syrk may be uploaded to file sharing sites and distributed via Fortnite forums.

Syrk encrypts files with AES-256 and adds the extension “.Syrk”. After encrypting files, the ransomware displays a pop-up screen instructing the victim to contact an email address in order to arrange payment. The pop-up screen also shows a timer counting down the time until a batch of files is deleted.

The pop-up screen contains the following text:

Syrk

Syrk Ransomware

Your personal files are being encrypted by Syrk Malware. Your photos, videos, documents, etc… the only way to recover it is to contact this email: (panda831@protonmail.com) and submit your id.

After paying, you will be sent a password that will be used to decrypt your files

if you don’t do these actions before the timer expires your files start to be deleted

at the first timer the files in the photo folder will be deleted

at the second timer the files in the desktop folder will be deleted

at the third timer the files in the document folder will be deleted.

So hurry up, TIME FLOWS!!!!

To see your Id click on *Show my ID*

Syrk comes with its own decryptor, hidden in the malware’s resource files, which can be used to decrypt the encrypted files. However, we decided to release our own decryptor for three important reasons:

  1. The ransomware may still be in development. It’s possible that future versions of Syrk will not include the decryption tool.
  2. Developer-supplied tools aren’t always reliable. A glitch during the decryption process could corrupt the encrypted data, making it impossible to recover.
  3. It’s not a good idea to trust decryption tools created by cybercriminals, as they could potentially be used to load more malware onto your system.
Successful decryption of Syrk using the Emsisoft decryptor

Successful Syrk decryption using the Emsisoft decryptor

  • Download the Syrk decryptor here.

The post Emsisoft releases a free decryptor for the Syrk ransomware appeared first on Emsisoft | Security Blog.

Recent Posts