
DESYNC Ransomware

Posted: January 30, 2019

The DESYNC Ransomware is a file-locking Trojan that blocks media files and demands a ransom for its decryption solution. Attacks of this nature can keep text documents, images, music, databases, and other data formats from opening in their associated software, and may not be reversible. Have your anti-malware tools prevent infections or delete the DESYNC Ransomware, and maintain backups for the safety of your work.

Getting Desynchronized from Your Files

A file-locking Trojan campaign is attacking Brazil and, possibly, other regions of the world. The DESYNC Ransomware may be a variant of a previous family or threat of note to malware experts but, so far, is leaving no tracks to its point of origin. The threat actors left their ransom demands just as mysterious, which could be part of a plan for maximizing their profits while negotiating with their victims.

The DESYNC Ransomware is one of the thousands of file-locking Trojans that operate inside Windows environments and can block Microsoft Office content, such as Word documents, along with an uncertain number of other media formats. It appends a 'DESYNC' extension, which can help with identifying the hostage files, but that cosmetic change doesn't affect the encryption, which is what actually blocks the files from opening. Malware experts estimate that the DESYNC Ransomware uses AES in ECB ('Electronic Codebook') mode, in contrast to the usually preferable CBC ('Cipher Block Chaining') mode, as its data-encrypting strategy.
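As an added illustration (not code from the original article or from any vendor tool), the Python sketch below inventories files carrying the 'DESYNC' extension and measures how many 16-byte blocks repeat, the pattern ECB leaves when the original file held repeated aligned content. The case-insensitive `.desync` suffix match, the 1% threshold, the sample file names and the hash-based `toy_ecb` stand-in (not AES) are all assumptions made for the example.

```python
import hashlib
import os
import tempfile
from collections import Counter

BLOCK = 16            # AES block size in bytes
MAX_BYTES = 4 << 20   # sample at most 4 MiB per file

def repeated_block_ratio(data: bytes) -> float:
    """Share of aligned 16-byte blocks that also occur elsewhere in data."""
    blocks = [data[i:i + BLOCK] for i in range(0, len(data) - len(data) % BLOCK, BLOCK)]
    if not blocks:
        return 0.0
    return sum(c for c in Counter(blocks).values() if c > 1) / len(blocks)

def triage(root: str, suffix: str = ".desync", threshold: float = 0.01):
    """Return sorted (relative path, ratio, ecb_like) for files ending in suffix."""
    findings = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            if not name.lower().endswith(suffix):  # assumed on-disk form of the extension
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                ratio = repeated_block_ratio(fh.read(MAX_BYTES))
            findings.append((os.path.relpath(path, root), ratio, ratio >= threshold))
    return sorted(findings)

def toy_ecb(plaintext: bytes) -> bytes:
    """Stand-in for a block cipher in ECB mode (NOT AES): each block is mapped independently."""
    return b"".join(hashlib.sha256(b"k" + plaintext[i:i + BLOCK]).digest()[:BLOCK]
                    for i in range(0, len(plaintext), BLOCK))

def demo():
    """Build constructed sample files in a temp dir and triage them."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "report.docx.DESYNC": toy_ecb(b"\x00" * 4096 + os.urandom(4096)),  # repetitive plaintext
            "photo.jpg.DESYNC": os.urandom(8192),  # no repeated blocks, as with chained modes
            "notes.txt": b"untouched file",        # not renamed, so skipped
        }
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        return triage(root)

if __name__ == "__main__":
    for path, ratio, ecb_like in demo():
        print(f"{path}: repeated-block ratio {ratio:.3f}, ECB-like={ecb_like}")
```

A ratio of zero does not rule out ECB, because repeats only appear when the original file contained repeated 16-byte-aligned content. The resulting file list is also useful for scoping which items need restoring from backup.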

The ransom negotiations for the unlocking service occur through e-mail, and the DESYNC Ransomware offers no upfront pricing model for the decryption. On the other hand, malware experts don't discourage taking advantage of the threat actor's 'free sample' for one file, which could provide helpful data on the DESYNC Ransomware's payload. Paying the ransom, however, is always undertaken at your own risk and carries no guarantees.

Syncing Back Up with Your Digital Possessions

While the DESYNC Ransomware's only victims reside in Brazil, nothing about its payload implies that Brazilians are its sole targets. Victims could open themselves up to attacks by using non-secure logins for their networks (such as crackable default passwords), by leaving Remote Desktop features on, by opening unsafe e-mail attachments, or even by downloading the wrong torrent. While network administrators should take additional precautions, most low-level attacks are preventable by running anti-malware products that detect the DESYNC Ransomware automatically.

Malware researchers can't qualify the DESYNC Ransomware's encryption as being breakable by third parties, but have yet to rule out the possibility. Users should retain samples of all relevant files and messages, such as spam e-mails, to provide them to interested members of the cyber-security community. While anti-malware products of most brands should eliminate the DESYNC Ransomware, the encrypted media may require unaffected backups for any recovery.

Brazil is, unsurprisingly, one of many focal points for file-locker Trojans like the DESYNC Ransomware, such as the CryptoWire Ransomware family, along with banking Trojans. However, what affects South America is just a taste of what threat actors are unveiling around the rest of the world.
