SunCrypt RaaS operation persists

Ransomware-as-a-service operation SunCrypt has soldiered on with its strain being updated with new capabilities despite being stagnant since its peak in mid-2020, BleepingComputer reports. A report from Minerva Labs revealed that SunCrypt has been recently updated to add process termination and cleaning capabilities. Resource-heavy processes are included within the newly-added process termination feature to block open data file encryption, while the cleaning capability is triggered once the encryption routine ends. SunCrypt enables self-deletion following the erasure of data logs, according to researchers. However, SunCrypt has been found to have continued the use of I/O completion ports to allow quicker encryption. Based on ID Ransomware submissions, there has been limited but persistent data encryption from SunCrypt. M eanwhile, Minerva researchers said that the RaaS operation recently attacked Migros, the largest supermarket chain in Switzerland. It may be possible that SunCrypt may be aiming attacks at high-value organizations while keeping ransom negotiations confidential so as not to raise attention from law enforcement.