Attackers Still Using SunCrypt Ransomware To Compromise Organizations

SunCrypt ransomware operators are still using the ransomware to compromise organizations. According to Minerva Labs, the gang recently compromised Migros, Switzerland’s largest supermarket.

The malware operators have developed a better version of their strain which offers new capabilities. The capabilities include process termination, stopping services, and wiping the machine clean for ransomware execution.

The process termination feature includes resource-heavy processes that can block the encryption of open data files such as WordPad (documents), SQLWriter (databases), and Outlook (emails).

SunCrypt operators however retained the use of I/O completion ports for faster encryption through process threading.

They also continue to encrypt both local volumes and network shares while maintaining an allowlist for the Windows directory and other items that render a computer inoperable when compromised.

SunCrypt was notoriously known in mid-2020 as one of the pioneers of triple extortion on non-paying victims.

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web