Incident Response, Malware, TDR

Ransomware crooks claim private key database is for sale

According to researchers, operators of a ransomware campaign are now looking to sell their collection of decryption keys for a set price.

On Wednesday, F-Secure revealed in a blog post that criminals using SynoLocker, malware named after a targeted product – network-attached storage (NAS) devices by Synology, appeared to be jumping ship to focus on other aims.

Last week, F-Secure detailed how SynoLocker used AES to encrypt users' files so that attackers could later demand payment for data retrieval. But a new message on the SynoLocker website revealed that the operators were looking to sell over 5,500 unclaimed private keys for 200 bitcoins (over $100,000).

F-Secure warned, however, that it remains to be seen “whether the operator(s) follow through with their plans,” or how the sale might impact victims, the blog post said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.