Ransomware, Threat Management, Threat Management

SunCrypt RaaS operation persists

Ransomware-as-a-service operation SunCrypt has soldiered on with its strain being updated with new capabilities despite being stagnant since its peak in mid-2020, BleepingComputer reports. A report from Minerva Labs revealed that SunCrypt has been recently updated to add process termination and cleaning capabilities. Resource-heavy processes are included within the newly-added process termination feature to block open data file encryption, while the cleaning capability is triggered once the encryption routine ends. SunCrypt enables self-deletion following the erasure of data logs, according to researchers. However, SunCrypt has been found to have continued the use of I/O completion ports to allow quicker encryption. Based on ID Ransomware submissions, there has been limited but persistent data encryption from SunCrypt. M eanwhile, Minerva researchers said that the RaaS operation recently attacked Migros, the largest supermarket chain in Switzerland. It may be possible that SunCrypt may be aiming attacks at high-value organizations while keeping ransom negotiations confidential so as not to raise attention from law enforcement.

An In-Depth Guide to Ransomware

Get essential knowledge and practical strategies to protect your organization from ransomware attacks.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds