Tool restores SynoLocker-encrypted files
Posted on 25.08.2014
Security company F-Secure has created a tool that could help SynoLocker victims get their files back, but it only works if they have received - bought - the correct decryption key.

SynoLocker, as you might remember, is a piece of ransomware targeting users of Synology NAS devices. It encrypts the files contained on them and asks 0.6 BitCoin for the decryption key.

Recently, there have been indication that the crooks behind the scheme might be ending it as they have been spotted trying to sell the remaining unclaimed keys in bulk.

F-Secure does not encourage users to pay the ransom in order to get the decryption key, but they know that some users will. But even that is not a guarantee that they will get their files back.

"In many of the cases we have observed, the decryption process didn't actually work or the decryption key provided by the criminals was incorrect," said F-Secure intern Artturi Lehtio.

In order to help that subset of users, the company has released a Python script that should decrypt the encrypted files.

"The tool does not in any way break the encryption of files created by SynoLocker and it does not attempt to bruteforce the decryption key. It will only work, if the decryption key is already known," he explained.

"Another use case for our decryption tool is a situation where a user has paid the ransom but can't use the decryption key as they have removed the SynoLocker malware from the infected device. Instead of reinfecting your device with the malware (which is a bad idea), you can use the key together with our script to decrypt your files."


VPN protocol flaw allows attackers to discover users' true IP address

The team running the Perfect Privacy VPN service has discovered a serious vulnerability that affects all VPN providers that offer port forwarding, and which can be exploited to reveal the real IP address of users.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Mon, Nov 30th