<style>/*<link href='https://www.blogger.com/dyn-css/authorization.css?targetBlogID=3589136026507255572&zx=eade4ae4-2c1e-4ba4-b308-2df48e9fbda9' media='none' onload='if(media!='all')media='all'' rel='stylesheet'/><noscript><link href='https://www.blogger.com/dyn-css/authorization.css?targetBlogID=3589136026507255572&zx=eade4ae4-2c1e-4ba4-b308-2df48e9fbda9' rel='stylesheet'/></noscript>
<meta name='google-adsense-platform-account' content='ca-host-pub-1556223355139109'/>
<meta name='google-adsense-platform-domain' content='blogspot.com'/>

<script async src="https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2831139136270004&host=ca-host-pub-1556223355139109" crossorigin="anonymous"></script>

<!-- data-ad-client=ca-pub-2831139136270004 -->

<link rel="stylesheet" href="https://fonts.googleapis.com/css2?display=swap&family=Roboto&family=Open+Sans&family=Consolas&family=Source+Sans+Pro&family=Raleway"></head><body>*/</style>

SynAck ransomware decryption keys

SynAck ransomware,malware removal,decrypt, decryption keys, El_Cometa group, El_Cometa ransomware

The SynAck ransomware gang released the master decryption keys for their operation after rebranding as the new El_Cometa group.

When ransomware operations encrypt files, they usually generate encryption keys on a victim's device and encrypt those keys with a master encryption key. The encrypted key is then embedded in the encrypted file or ransom note and can only be decrypted using the ransomware gang's master decryption keys (private keys).

Now, the SynAck ransomware operation released the master keys, the gang's decryptors, and a manual on using the master keys, and shared them on their data leak site and with the cybersecurity news site TheRecord.

decrypt, decryption keys, El_Cometa group, El_Cometa ransomware

After receiving the keys, TheRecord shared them with ransomware expert Michael Gillespie who verified that the keys are legitimate and will be creating a SynAck decryptor so victims can recover their files for free.

Emsisoft CTO Fabian Wosar said "that the archive contains a total of sixteen master decryption keys".

Keys released after the renaming to El_Cometa

The SynAck ransomware operation launched in August/September 2017 but was never a very active group. Their most activity was in 2018 but slowly tapered off at the end of 2019.

At the end of July 2021, the ransomware group rebranded as El_Cometa and became a ransomware-as-a-service (RaaS), where they recruit affiliates to breach corporate networks and deploy their encryptor.

While it is not common for ransomware gangs to release master decryption keys, it has happened in the past when operations shut down or rebrand to a new name.

<style>/*
<script type="text/javascript" src="https://www.blogger.com/static/v1/widgets/3576124627-widgets.js"></script>
<script type='text/javascript'>
window['__wavt'] = 'AOuZoY4EpqxbvYIbxdNiZy3YIdTya1y5cg:1726958741962';_WidgetManager._Init('//www.blogger.com/rearrange?blogID\x3d3589136026507255572','//mango-school.blogspot.com/2021/08/synack-ransomware-decryption-keys.html','3589136026507255572');
_WidgetManager._SetDataContext([{'name': 'blog', 'data': {'blogId': '3589136026507255572', 'title': 'Mango School for Information Technology and Cyber Security', 'url': 'https://mango-school.blogspot.com/2021/08/synack-ransomware-decryption-keys.html', 'canonicalUrl': 'https://mango-school.blogspot.com/2021/08/synack-ransomware-decryption-keys.html', 'homepageUrl': 'https://mango-school.blogspot.com/', 'searchUrl': 'https://mango-school.blogspot.com/search', 'canonicalHomepageUrl': 'https://mango-school.blogspot.com/', 'blogspotFaviconUrl': 'https://mango-school.blogspot.com/favicon.ico', 'bloggerUrl': 'https://www.blogger.com', 'hasCustomDomain': false, 'httpsEnabled': true, 'enabledCommentProfileImages': true, 'gPlusViewType': 'FILTERED_POSTMOD', 'adultContent': false, 'analyticsAccountNumber': '', 'encoding': 'UTF-8', 'locale': 'en', 'localeUnderscoreDelimited': 'en', 'languageDirection': 'ltr', 'isPrivate': false, 'isMobile': false, 'isMobileRequest': false, 'mobileClass': '', 'isPrivateBlog': false, 'isDynamicViewsAvailable': true, 'feedLinks': '\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22Mango School for Information Technology and Cyber Security - Atom\x22 href\x3d\x22https://mango-school.blogspot.com/feeds/posts/default\x22 /\x3e\n\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/rss+xml\x22 title\x3d\x22Mango School for Information Technology and Cyber Security - RSS\x22 href\x3d\x22https://mango-school.blogspot.com/feeds/posts/default?alt\x3drss\x22 /\x3e\n\x3clink rel\x3d\x22service.post\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22Mango School for Information Technology and Cyber Security - Atom\x22 href\x3d\x22https://www.blogger.com/feeds/3589136026507255572/posts/default\x22 /\x3e\n\n\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22Mango School for Information Technology and Cyber Security - Atom\x22 href\x3d\x22https://mango-school.blogspot.com/feeds/5117680682148503795/comments/default\x22 /\x3e\n', 'meTag': '', 'adsenseClientId': 'ca-pub-2831139136270004', 'adsenseHostId': 'ca-host-pub-1556223355139109', 'adsenseHasAds': true, 'adsenseAutoAds': true, 'boqCommentIframeForm': true, 'loginRedirectParam': '', 'view': '', 'dynamicViewsCommentsSrc': '//www.blogblog.com/dynamicviews/4224c15c4e7c9321/js/comments.js', 'dynamicViewsScriptSrc': '//www.blogblog.com/dynamicviews/bea942728df245a5', 'plusOneApiSrc': 'https://apis.google.com/js/platform.js', 'disableGComments': true, 'interstitialAccepted': false, 'sharing': {'platforms': [{'name': 'Get link', 'key': 'link', 'shareMessage': 'Get link', 'target': ''}, {'name': 'Facebook', 'key': 'facebook', 'shareMessage': 'Share to Facebook', 'target': 'facebook'}, {'name': 'BlogThis!', 'key': 'blogThis', 'shareMessage': 'BlogThis!', 'target': 'blog'}, {'name': 'Twitter', 'key': 'twitter', 'shareMessage': 'Share to Twitter', 'target': 'twitter'}, {'name': 'Pinterest', 'key': 'pinterest', 'shareMessage': 'Share to Pinterest', 'target': 'pinterest'}, {'name': 'Email', 'key': 'email', 'shareMessage': 'Email', 'target': 'email'}], 'disableGooglePlus': true, 'googlePlusShareButtonWidth': 0, 'googlePlusBootstrap': '\x3cscript type\x3d\x22text/javascript\x22\x3ewindow.___gcfg \x3d {\x27lang\x27: \x27en\x27};\x3c/script\x3e'}, 'hasCustomJumpLinkMessage': true, 'jumpLinkMessage': 'Read-more \xbb', 'pageType': 'item', 'postId': '5117680682148503795', 'postImageThumbnailUrl': 'https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEji4non5DgNb9vEGnmAkA9Cf8h0wCplXmSZzBV0OdbXuY1dCV4N82wdvpH1pKIxdvwrmc6Kiki8fHStIH-HTd66X_CCbMQ1zMQU1a0LXdu9aA4I5YO0OhkIqo4_yOLC-JINN5DgrdhtMmST/s72-w400-c-h254/Public+key+cryptography.webp', 'postImageUrl': 'https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEji4non5DgNb9vEGnmAkA9Cf8h0wCplXmSZzBV0OdbXuY1dCV4N82wdvpH1pKIxdvwrmc6Kiki8fHStIH-HTd66X_CCbMQ1zMQU1a0LXdu9aA4I5YO0OhkIqo4_yOLC-JINN5DgrdhtMmST/w400-h254/Public+key+cryptography.webp', 'pageName': 'SynAck ransomware decryption keys', 'pageTitle': 'Mango School for Information Technology and Cyber Security: SynAck ransomware decryption keys', 'metaDescription': ''}}, {'name': 'features', 'data': {}}, {'name': 'messages', 'data': {'edit': 'Edit', 'linkCopiedToClipboard': 'Link copied to clipboard!', 'ok': 'Ok', 'postLink': 'Post Link'}}, {'name': 'template', 'data': {'name': 'custom', 'localizedName': 'Custom', 'isResponsive': true, 'isAlternateRendering': false, 'isCustom': true}}, {'name': 'view', 'data': {'classic': {'name': 'classic', 'url': '?view\x3dclassic'}, 'flipcard': {'name': 'flipcard', 'url': '?view\x3dflipcard'}, 'magazine': {'name': 'magazine', 'url': '?view\x3dmagazine'}, 'mosaic': {'name': 'mosaic', 'url': '?view\x3dmosaic'}, 'sidebar': {'name': 'sidebar', 'url': '?view\x3dsidebar'}, 'snapshot': {'name': 'snapshot', 'url': '?view\x3dsnapshot'}, 'timeslide': {'name': 'timeslide', 'url': '?view\x3dtimeslide'}, 'isMobile': false, 'title': 'SynAck ransomware decryption keys', 'description': 'Mango School website will guide you how to Protect Data from cyber attack, malware removal, remove ransomware, and making reviews for legit, or scam.', 'featuredImage': 'https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEji4non5DgNb9vEGnmAkA9Cf8h0wCplXmSZzBV0OdbXuY1dCV4N82wdvpH1pKIxdvwrmc6Kiki8fHStIH-HTd66X_CCbMQ1zMQU1a0LXdu9aA4I5YO0OhkIqo4_yOLC-JINN5DgrdhtMmST/w400-h254/Public+key+cryptography.webp', 'url': 'https://mango-school.blogspot.com/2021/08/synack-ransomware-decryption-keys.html', 'type': 'item', 'isSingleItem': true, 'isMultipleItems': false, 'isError': false, 'isPage': false, 'isPost': true, 'isHomepage': false, 'isArchive': false, 'isLabelSearch': false, 'postId': 5117680682148503795}}, {'name': 'widgets', 'data': [{'title': 'Logo', 'type': 'HTML', 'sectionId': 'header-main', 'id': 'HTML10'}, {'title': 'Icons, Dark, Search', 'type': 'LinkList', 'sectionId': 'header-main', 'id': 'LinkList10'}, {'title': 'Menu', 'type': 'LinkList', 'sectionId': 'header-main', 'id': 'LinkList11'}, {'title': 'Blog Posts', 'type': 'Blog', 'sectionId': 'blog-post', 'id': 'Blog1', 'posts': [{'id': '5117680682148503795', 'title': 'SynAck ransomware decryption keys', 'featuredImage': 'https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEji4non5DgNb9vEGnmAkA9Cf8h0wCplXmSZzBV0OdbXuY1dCV4N82wdvpH1pKIxdvwrmc6Kiki8fHStIH-HTd66X_CCbMQ1zMQU1a0LXdu9aA4I5YO0OhkIqo4_yOLC-JINN5DgrdhtMmST/w400-h254/Public+key+cryptography.webp', 'showInlineAds': false}], 'footerBylines': [{'regionName': 'footer1', 'items': [{'name': 'share', 'label': ''}]}], 'allBylineItems': [{'name': 'share', 'label': ''}]}, {'title': 'Popular Posts', 'type': 'PopularPosts', 'sectionId': 'sidebar-static', 'id': 'PopularPosts10', 'posts': [{'title': 'Gujd file ransomware virus Removal Decrypt', 'id': 5638591793488345148}, {'title': 'Zzla file ransomware virus Removal Decrypt', 'id': 9089289928437659324}, {'title': 'How to recover deleted WhatsApp messages', 'id': 8893834197053935343}, {'title': 'Received Toll Bay Area FasTrak Text', 'id': 6688816003895425899}, {'title': 'USA bans Kaspersky - What are the reasons?', 'id': 8464110779646215258}]}, {'title': '#Recent Post', 'type': 'HTML', 'sectionId': 'sidebar-static', 'id': 'HTML19'}, {'title': 'Follow Mango school', 'type': 'LinkList', 'sectionId': 'footer-widget', 'id': 'LinkList14'}, {'title': 'Copyright', 'type': 'HTML', 'sectionId': 'copyright', 'id': 'HTML23'}, {'title': 'SVG Icons', 'type': 'HTML', 'sectionId': 'jet-options', 'id': 'HTML24'}]}]);
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML10', 'header-main', document.getElementById('HTML10'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_LinkListView', new _WidgetInfo('LinkList10', 'header-main', document.getElementById('LinkList10'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_LinkListView', new _WidgetInfo('LinkList11', 'header-main', document.getElementById('LinkList11'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_BlogView', new _WidgetInfo('Blog1', 'blog-post', document.getElementById('Blog1'), {'cmtInteractionsEnabled': false, 'lightboxEnabled': true, 'lightboxModuleUrl': 'https://www.blogger.com/static/v1/jsbin/128363787-lbx.js', 'lightboxCssUrl': 'https://www.blogger.com/static/v1/v-css/13464135-lightbox_bundle.css'}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_PopularPostsView', new _WidgetInfo('PopularPosts10', 'sidebar-static', document.getElementById('PopularPosts10'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML19', 'sidebar-static', document.getElementById('HTML19'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_LinkListView', new _WidgetInfo('LinkList14', 'footer-widget', document.getElementById('LinkList14'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML23', 'copyright', document.getElementById('HTML23'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML24', 'jet-options', document.getElementById('HTML24'), {}, 'displayModeFull'));
</script>
</body>*/</style>