Tool restores SynoLocker-encrypted files

Security company F-Secure has created a tool that could help SynoLocker victims get their files back, but it only works if they have received – bought – the correct decryption key.

SynoLocker, as you might remember, is a piece of ransomware targeting users of Synology NAS devices. It encrypts the files contained on them and asks 0.6 BitCoin for the decryption key.

Recently, there have been indication that the crooks behind the scheme might be ending it as they have been spotted trying to sell the remaining unclaimed keys in bulk.

F-Secure does not encourage users to pay the ransom in order to get the decryption key, but they know that some users will. But even that is not a guarantee that they will get their files back.

“In many of the cases we have observed, the decryption process didn’t actually work or the decryption key provided by the criminals was incorrect,” said F-Secure intern Artturi Lehtio.

In order to help that subset of users, the company has released a Python script that should decrypt the encrypted files.

“The tool does not in any way break the encryption of files created by SynoLocker and it does not attempt to bruteforce the decryption key. It will only work, if the decryption key is already known,” he explained.

“Another use case for our decryption tool is a situation where a user has paid the ransom but can’t use the decryption key as they have removed the SynoLocker malware from the infected device. Instead of reinfecting your device with the malware (which is a bad idea), you can use the key together with our script to decrypt your files.”

Don't miss