Security researchers have released a decryption tool that victims of Syrk ransomware can use to recover their files for free. Emsisoft found that Syrk arrived with its own decryptor, but the security firm decided to release its own utility for three reasons. First, it found that the crypto-malware was still in development, which could mean that future versions of the ransomware might lack the decryption feature. Second, it noted that developer-provided tools aren't always reliable and often come with glitches that could corrupt the decryption process. Lastly, the anti-malware and anti-virus software provider drew upon its experience to label the native tool unsafe, as attackers commonly use their own decryptors to load additional malware onto infected machines.
Researchers at Emsisoft analyzed Syrk and found that it most commonly masquerades as a free game hack tool for Fortnite. Once installed on a user's machine, the ransomware disables any anti-virus software it can find. It then attempts to encrypt all files and photos stored in the Pictures, Desktop and Documents folders using the AES-256 standard. If successful, Syrk displays a ransom message that instructs victims to contact an email address for payment instructions. The note also comes with a timer that counts down to the point at which the ransomware allegedly deletes a batch of affected files.
Syrk's ransom note. (Source: Emsisoft)
Your personal files are being encrypted by Syrk Malware. Your photos, videos, documents, etc… the only way to recover it is to contact this email: ([email protected]) and submit your id. After paying, you will be sent a password that will be used to decrypt your files if you don’t do these actions before the timer expires your files start to be deleted at the first timer the files in the photo folder will be deleted at the second timer the files in the desktop folder will be deleted at the third timer the files in the document folder will be deleted. So hurry up, TIME FLOWS!!!! To see your Id click on *Show my ID*
Victims of Syrk should not pay the ransom and should instead download Emsisoft's utility. In the meantime, organizations and users everywhere should work to protect themselves against ransomware by taking steps to prevent an infection in the first place.