Emsisoft releases a free decryptor for the Syrk ransomware
The Emsisoft malware team has just released a new free decryption tool for the Syrk ransomware strain, which was first brought to our attention by @Leotpsc.
If you have been infected with this ransomware, please download the FREE decryption tool linked below and DO NOT PAY the ransom. A detailed guide is also included.
Technical details
Syrk masquerades as a free game hack tool for Fortnite. It claims to help users aim more accurately (aimbot) and know the in-game locations of other players (ESP). However, Syrk does much more than help players cheat their way to victory. It also disables your antivirus software and attempts to encrypt and delete files in the Pictures, Desktop and Documents folders. Syrk may be uploaded to file sharing sites and distributed via Fortnite forums.
Syrk encrypts files with AES-256 and adds the extension “.Syrk”. After encrypting files, the ransomware displays a pop-up screen instructing the victim to contact an email address in order to arrange payment. The pop-up screen also shows a timer counting down the time until a batch of files is deleted.
The pop-up screen contains the following text:
Your personal files are being encrypted by Syrk Malware. Your photos, videos, documents, etc… the only way to recover it is to contact this email: ([email protected]) and submit your id.
After paying, you will be sent a password that will be used to decrypt your files
if you don’t do these actions before the timer expires your files start to be deleted
at the first timer the files in the photo folder will be deleted
at the second timer the files in the desktop folder will be deleted
at the third timer the files in the document folder will be deleted.
So hurry up, TIME FLOWS!!!!
To see your Id click on *Show my ID*
Emsisoft Enterprise Security + EDR
Robust and proven endpoint security solution for organizations of all sizes. Start free trial
Syrk comes with its own decryptor, hidden in the malware’s resource files, which can be used to decrypt the encrypted files. However, we decided to release our own decryptor for three important reasons:
- The ransomware may still be in development. It’s possible that future versions of Syrk will not include the decryption tool.
- Developer-supplied tools aren’t always reliable. A glitch during the decryption process could corrupt the encrypted data, making it impossible to recover.
- It’s not a good idea to trust decryption tools created by cybercriminals, as they could potentially be used to load more malware onto your system.