{"id":20965,"date":"2022-03-29T09:34:08","date_gmt":"2022-03-29T13:34:08","guid":{"rendered":"https:\/\/www.technewsday.com\/?p=20965"},"modified":"2022-03-30T10:22:55","modified_gmt":"2022-03-30T14:22:55","slug":"attackers-still-using-suncrypt-ransomware-to-compromise-organizations","status":"publish","type":"post","link":"https:\/\/technewsday.com\/staging\/attackers-still-using-suncrypt-ransomware-to-compromise-organizations\/","title":{"rendered":"Attackers Still Using SunCrypt Ransomware To Compromise Organizations"},"content":{"rendered":"<p data-ar-index=\"0\">SunCrypt ransomware operators are still using the ransomware to compromise organizations. According to Minerva Labs, the gang recently compromised Migros, Switzerland&#8217;s largest supermarket.<\/p>\n<p data-ar-index=\"1\">The malware operators have developed an improved version of their strain that offers new capabilities, including process termination, stopping services, and wiping the machine clean for ransomware execution.<\/p>\n<p data-ar-index=\"2\">The process termination feature targets resource-heavy processes that can block the encryption of open data files, such as WordPad (documents), SQLWriter (databases), and Outlook (emails).<\/p>\n<p data-ar-index=\"3\">SunCrypt operators have, however, retained the use of I\/O completion ports for faster encryption through process threading.<\/p>\n<p data-ar-index=\"4\">They also continue to encrypt both local volumes and network shares while maintaining an allowlist for the Windows directory and other items that would render a computer inoperable if compromised.<\/p>\n<p data-ar-index=\"5\">SunCrypt became notorious in mid-2020 as one of the pioneers of triple extortion against non-paying victims.<\/p>\n<p data-ar-index=\"6\">For more information, read the <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/suncrypt-ransomware-is-still-alive-and-kicking-in-2022\/\" target=\"_blank\" rel=\"noopener\">original story<\/a> in BleepingComputer.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>SunCrypt ransomware operators are still using the ransomware to compromise organizations.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[381,16,28],"tags":[443],"class_list":["post-20965","post","type-post","status-publish","format-standard","hentry","category-operations","category-security","category-software","tag-cyber-security"],"acf":[],"_links":{"self":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/20965","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/comments?post=20965"}],"version-history":[{"count":3,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/20965\/revisions"}],"predecessor-version":[{"id":20988,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/20965\/revisions\/20988"}],"wp:attachment":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/media?parent=20965"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/categories?post=20965"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/tags?post=20965"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}