Emsisoft has released a SynAck ransomware decryptor that works on all variants and allows victims to recover their files for free.

SynAck is a ransomware that was first spotted in 2017 and encrypts files using either ECIES and AES-256 or RSA-2048 and AES-256.

SynAck appends a random extension to each file but can be identified by a special filemarker at the end of files that also denotes which version of the malware was used.

In order to decrypt your files, the decryptor will require a ransom note, which contains the encrypted key.

Since the ransomware does not save any information about the unencrypted files, the decryptor can’t guarantee that the decrypted data is identical to the one that was previously encrypted. Therefore, the decryptor by default will opt on the side of caution and not remove any encrypted files after they have been decrypted. If you want the decryptor to remove any encrypted files after they have been processed, you can disable this option. Doing so may be necessary if your disk space is limited.