Antivirus vendor releases Synolocker removal tool

Antivirus company F-Secure released a free tool today which allows victims of the ransomware Synolocker to decrypt their data. For the tool to do its work it requires a valid decryption key. Unfortunately the cybercriminals behind the ransomware often don’t provide the decryption key, even if the victim has paid for it.

myce-synolocker

Synolocker is a ransomware variant that encrypts files on NAS devices from the Synology brand. It’s only able to infect systems that run a specific (outdated) version of Synology’s NAS management software DSM. Once the NAS is infected, the user receives a warning that files on the NAS are encrypted. The warning also mentions the victim can decrypt the files by purchasing a decryption key.

Unfortunately a payment isn’t a guarantee for decryption of the files, the criminals sometimes don’t provide a decryption key or provide an invalid key. The result is that the victim has lost his money and still hasn’t regained access to his files.

Previously the ransomware had to be ‘installed’ on the system in order to decrypt the files, but F-Secure now provides a tool to decrypt the files without the ransomware ‘installed’. The tool is coded in Python and is able to decrypt the files once the user has obtained a valid decryption key.

More information and download of the tool can be found here.