Security researchers have released a decryption tool that victims of Syrk ransomware can use to recover their files for free.

Emsisoft found that Syrk arrived with its own decryptor, but the security firm decided to release its own utility for three reasons. First, it found that the crypto-malware was still in development, which could mean that future versions of the ransomware might lack the decryption feature. Second, it noted that developer-provided tools aren’t always reliable and oftentimes come with glitches that could corrupt the decryption process. Lastly, the anti-malware and anti-virus software provider drew upon its experience to label the native tool unsafe, as attackers commonly use their own decryptors to load additional malware onto infected machines.


Researchers at Emsisoft analyzed Syrk and found that it most commonly masquerades as a free game hack tool for Fortnite. Once installed on a user’s machine, the ransomware disables any anti-virus software it can find. It then attempts to encrypt all files and photos stored in the Pictures, Desktop and Documents folders using the AES-256 standard.

If successful, Syrk displays a ransom message that instructs victims to contact an email address for payment instructions. The note also comes with a timer that counts down to the point at which the ransomware allegedly deletes a batch of affected files.

Syrk’s ransom note. (Source: Emsisoft)

Your personal files are being encrypted by Syrk Malware. Your photos, videos, documents, etc… the only way to recover it is to contact this email: ([email protected]) and submit your id.

After paying, you will be sent a password that will be used to decrypt your files

if you don’t do these actions before the timer expires your files start to be deleted

at the first timer the files in the photo folder will be deleted

at the second timer the files in …