Hello @Jasonb ,
I assume you are making reference to this article.
You can always submit samples to our lab in order to assess the infection.
PS:I moved your post to a more relevant board.
If you register a SAS account and then log in, you get more options including a "message" field:
https://analysis.f-secure.com/portal/signup.html
"If you need to contact our Response Team, include your question or incident details in the "Message" field. Else, please leave it empty"
I managed to upload the sample file and keys to SAS today.
I'm the same user who paid the ransom and got public and private keys from the perpetrators, but has no decryption tool to enter the keys into and decrypt files.
I've managed to get my NAS running again by updating the DSM, and with some help from Synology the NAS still has all the encrypted files on it in the original place. After reading a very helpful thread at http://forum.synology.com/enu/viewtopic.php?f=108&t=89185 , I used WinSCP to get into the NAS, and found the "etc" folder where the perpetrators were supposed to have created a "synolock" directory containing files needed to decrypt with the keys. But unfortunately, the "synolock" directory is not there. I presume the DSM update must have wiped it out. Does anyone out there have a copy of this directory? I can see from the other thread that at least some people are having success decrypting manually, but the folder and its contents need to be there in order to accomplish that.
It sure would be a godsend if an expert could provide software enabling you to enter the public and private keys obtained from the perpetrators and decrypt the encrypted files. I realize that is probably asking too much, but it certainly would help a lot of people out there.
Another fantasy would be for some kind person to provide a copy of the "synolock" folder and its contents so that we can try to paste keys in there and see if that works.
Hello,
I recently was hit with synolocker like many others. I read on a synology forum that F-Secure had released software for those who paid the ransome and have the private/public keys. I have mine, but am confused on how to use the software. Forgive me, but I'm not extremeley technical with computers. I believe I have successfully installed python and pycrypto, but as to the process to decrypt I am lost. Is there a way to have a beginners guide written or a youtube video posted on the step by step process? The installation/usage instructions are too vague for my ablilty. Below are the steps but I simply do not understand. A quick video would be amazing. It appears there are quite a few people with keys that will use this software, just not sure how many people understand how to use it.
Installation
First, ensure you have Python 2.7.8 and pycrypto 2.6.1 installed. Then simply copy the synounlocker.py-script to a directory of your choosing.
Usage
From the command line: synounlocker.py <path to encrypted file> <path to private key file>
I have the keys but haven't received the decryption software that you apparently have. Can you find a way to put the decryption software files somewhere where they can be downloaded? Then I can download the files and try to get it to work using the keys they sent me. And if I get it to work, I would be glad to provide a "tutorial" explaining how I did it.
I noticed the perpetrators have updated their website informing everyone that they're working on two different decryption programs for people like me who were forced to update to DSM5, rending themselves unable to receive the decryption items. Their website says there will be one version for Linux that will be ready earlier, and another version for Windows that will be ready later. But so far, in spite of bitmailing them every day askiing for these, I haven't received either. I wonder if the items you received might be one of them.
This topic has been closed due to inactivity. If you would like to discuss this topic further, please start a new post.
You can reference this topic in your post by adding this link:
https://community.f-secure.com/t5/F-Secure-SAFE/Synolocker-file-decryption/td-p/56469
Visit the Community
Check our Forums or How-to & FAQs for advice or answers