Day 22: Suncrypt Ransomware

Common Attack Vectors

  • Phishing Emails
  • Remote Desktop Protocol

Vulnerabilities Exploited

  • Virtual Private Network (VPN) web portal (CVE-2018-13379)

Industries Targeted Frequently

Healthcare

Threat actors target healthcare organizations to steal patients' names, financial records, Social Security numbers, and other personal information.

Education

Threat actors target educational institutions, stealing students' and employees' personal information, including names, Social Security numbers, and addresses.

Recent Activity

The Suncrypt ransomware operators disclosed that they had joined the Maze ransomware group and would work with Maze under a revenue-sharing model.

The Suncrypt ransomware operators began using Distributed Denial-of-Service (DDoS) attacks to pressure victims into paying the ransom demanded for restoring the encrypted data.

University Hospital New Jersey was breached by Suncrypt ransomware; the operators stole around 240 GB of data and leaked 1.7 GB of it (about 48,000 documents).

Common File Extensions

  • .sun
  • A string of random characters appended as the new extension

Known Alias

  • No Known Alias

How Suncrypt Ransomware is Distributed

Suncrypt ransomware is delivered as a dynamic link library (DLL) that encrypts the computer's files once it is loaded. An obfuscated PowerShell script installs the malicious DLL. When Suncrypt is activated on the victim's system, it makes a series of malicious changes to system settings that leave the system highly vulnerable to additional malware. The ransomware is configured to start automatically every time the infected system boots, and all of its malicious processes, including file encryption, can run hidden in the background behind the system's other running processes. Once Suncrypt activates its built-in cipher module, it encrypts valuable files and leaves them inaccessible. The threat actors hold the specific tool needed to decrypt files encoded by Suncrypt.
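The behaviour described above gives a defender three observable signals: an encoded, hidden-window PowerShell loader, a DLL launched from a user-writable path, and a burst of renames to ".sun" or a random-looking extension. The script below is an added example, not code from this page or from SpearTip, that turns those signals into simple detection rules and runs them over constructed process-creation and file-rename events. Every event, path, PID and the decoded loader command is made up for illustration; the rule names, the user-writable-path list and the known-extension allowlist are assumptions, not Suncrypt indicators.

```python
"""Defender-side heuristics for Suncrypt-style behaviour: an encoded PowerShell
loader, a DLL started from a user-writable path, and a rename burst to a ".sun"
or random-looking extension. Every event below is CONSTRUCTED for illustration."""
import base64
import re
from collections import defaultdict

# Constructed sample: process-creation events as (timestamp, image, command line).
_LOADER = "rundll32.exe C:\\Users\\Public\\upd.dll,Start"          # hypothetical decoded payload
_ENC = base64.b64encode(_LOADER.encode("utf-16le")).decode()       # how -EncodedCommand is encoded
PROCESS_EVENTS = [
    (100, "powershell.exe", f"powershell.exe -nop -w hidden -enc {_ENC}"),
    (101, "rundll32.exe", _LOADER),
    (102, "powershell.exe", "powershell.exe -File C:\\Scripts\\backup.ps1"),                    # benign admin script
    (103, "rundll32.exe", "rundll32.exe C:\\Windows\\System32\\shell32.dll,Control_RunDLL"),  # benign system DLL
]

# Constructed sample: file-rename events as (timestamp, pid, old path, new path).
FILE_EVENTS = [(110 + i, 4242, f"C:\\Data\\doc{i}.xlsx", f"C:\\Data\\doc{i}.xlsx.sun") for i in range(12)]
FILE_EVENTS += [(130 + i, 5151, f"C:\\Share\\img{i}.jpg", f"C:\\Share\\img{i}.jpg.kq3n9") for i in range(10)]
FILE_EVENTS += [(150, 7777, "C:\\Users\\a\\draft.docx", "C:\\Users\\a\\report.docx")]       # benign rename

USER_WRITABLE = re.compile(r"^[a-z]:\\(users|programdata|windows\\temp)\\", re.I)  # assumed list
ENC_FLAG = re.compile(r"(?:^|\s)-(?:e|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})", re.I)
HIDDEN_FLAG = re.compile(r"-w(?:indowstyle)?\s+hidden", re.I)
DLL_IN_CMD = re.compile(r"([a-z]:\\[^\s,\"]+\.dll)", re.I)
KNOWN_EXT = {"txt", "doc", "docx", "xls", "xlsx", "pdf", "jpg", "png", "zip", "exe", "dll", "ps1"}


def decode_encoded_powershell(cmdline):
    """Return the decoded -EncodedCommand payload (base64 of UTF-16LE) or None."""
    m = ENC_FLAG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None


def flag_powershell_loader(image, cmdline):
    """Encoded command (optionally with a hidden window) is the obfuscated-loader pattern."""
    if not image.lower().endswith("powershell.exe"):
        return None
    decoded = decode_encoded_powershell(cmdline)
    if decoded is None:
        return None
    return {"rule": "encoded_powershell", "hidden": bool(HIDDEN_FLAG.search(cmdline)), "decoded": decoded}


def flag_dll_from_user_path(image, cmdline):
    """rundll32/regsvr32 loading a DLL from a user-writable directory instead of a system path."""
    if image.lower() not in ("rundll32.exe", "regsvr32.exe"):
        return None
    m = DLL_IN_CMD.search(cmdline)
    if m and USER_WRITABLE.match(m.group(1)):
        return {"rule": "dll_from_user_writable_path", "dll": m.group(1)}
    return None


def extension_is_suspicious(path):
    """True for '.sun' or for an alphanumeric extension that is not a known file type."""
    name = path.rsplit("\\", 1)[-1]
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    return ext == "sun" or (ext != "" and ext not in KNOWN_EXT and ext.isalnum())


def find_rename_bursts(events, window=60, threshold=8):
    """Per process, report the largest number of suspicious renames inside a sliding time window."""
    per_pid = defaultdict(list)
    for ts, pid, _old, new in events:
        if extension_is_suspicious(new):
            per_pid[pid].append((ts, new))
    findings = []
    for pid, hits in per_pid.items():
        hits.sort()
        best, start = 0, 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            exts = sorted({h[1].rsplit(".", 1)[-1].lower() for h in hits})
            findings.append({"rule": "rename_burst", "pid": pid, "count": best, "extensions": exts})
    return findings


def analyze(process_events=PROCESS_EVENTS, file_events=FILE_EVENTS):
    """Run every rule over the event streams and return the findings in event order."""
    findings = []
    for ts, image, cmdline in process_events:
        for check in (flag_powershell_loader, flag_dll_from_user_path):
            hit = check(image, cmdline)
            if hit:
                findings.append(dict(hit, ts=ts))
    findings.extend(find_rename_bursts(file_events))
    return findings


if __name__ == "__main__":
    for finding in analyze():
        print(finding)
```

Against the constructed events, `analyze()` returns four findings: the encoded, hidden-window PowerShell launch with its decoded payload, the DLL loaded from `C:\Users\Public`, and one rename burst for each of the two encrypting processes, while the admin script, the system DLL and the single benign rename produce nothing. The rename rule keys on the extension pattern the page lists (`.sun` or random characters), so a real deployment would tune `KNOWN_EXT`, the window and the threshold to its own file population.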

ShadowSpear

SpearTip’s ShadowSpear platform defends your environment with unparalleled resources preventing cybersecurity threats and attacks from affecting your business. ShadowSpear integrates with cloud, network and endpoint devices providing security. ShadowSpear prevents ransomware from exploiting memory, stopping the threat before the full attack cycle. The ShadowSpear Platform is backed by the engineers in our 24/7 Security Operations Centers, ready to assist partners with security issues immediately.