A new ransomware called SyncCrypt, distributed through spam attachments containing WSF files, was discovered this week by Emsisoft security researcher xXToffeeXx. When installed, these attachments will encrypt a computer and append the .kk extension to encrypted files.
While the use of WSF files to distribute malware is not uncommon, when I analyzed the script I noticed that the method being used to download and install the ransomware is quite interesting. This is because the WSF script will download images with embedded ZIP files that contain the necessary files to infect the computer with SyncCrypt. This method has also made the images undetectable by almost all antivirus vendors on VirusTotal.
Unfortunately, at this time there is no way to decrypt files encrypted by SyncCrypt for free, but if you wish to receive help or discuss this ransomware, you can use our dedicated SyncCrypt Support Topic.
Images with Embedded Ransomware Evade Antivirus Detection
...
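For defenders, the image-plus-ZIP trick described above can be checked for directly. The following is an added example, not code from the original article or from the malware: it flags files that start with an image signature yet also parse as a ZIP archive. The sample bytes and the member name `payload.bin` are constructed for illustration.

```python
import io
import zipfile

# Leading magic bytes for the image types checked here (a choice of this example).
IMAGE_MAGIC = {b"\xff\xd8\xff": "jpeg", b"\x89PNG\r\n\x1a\n": "png", b"GIF8": "gif"}
EOCD_SIG = b"PK\x05\x06"  # ZIP end-of-central-directory signature


def image_type(data):
    """Return the image type implied by the leading magic bytes, or None."""
    for magic, name in IMAGE_MAGIC.items():
        if data.startswith(magic):
            return name
    return None


def embedded_zip_members(data):
    """Return names of ZIP members carried inside image bytes, or [] if none."""
    # Cheap pre-filter: must look like an image and contain a ZIP trailer.
    if image_type(data) is None or EOCD_SIG not in data:
        return []
    try:
        # zipfile locates the central directory from the end of the data,
        # so it tolerates the image bytes that precede the archive.
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return zf.namelist()
    except zipfile.BadZipFile:
        return []  # signature bytes occurred by chance in the pixel data


def build_sample():
    """Construct a clean JPEG-like blob and the same blob with a ZIP appended."""
    jpeg = b"\xff\xd8\xff\xe0" + b"\x00" * 32 + b"\xff\xd9"  # constructed, not a real photo
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("payload.bin", b"placeholder")  # constructed member
    return jpeg, jpeg + buf.getvalue()


if __name__ == "__main__":
    clean, polyglot = build_sample()
    for label, blob in (("clean", clean), ("polyglot", polyglot)):
        print(label, image_type(blob), embedded_zip_members(blob))
```

A non-empty result means the file renders as an image but also unpacks as an archive, which is worth quarantining when it arrives via a script-initiated download.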