Suncrypt 2020 is a ransomware strain that encrypts victim files and demands a ransom payment for decryption. First observed in the wild on August 1, 2020, it has been actively targeting systems worldwide. Security researchers also track this malware under the alias Haywood.
Quick Facts
Ransomware Family: Suncrypt 2020
First Seen: August 1, 2020
Known Aliases: Haywood
How Suncrypt 2020 Ransomware Works
Targeted Files
Encrypts first 0x8000 bytes
Source: https://sapphirex00.medium.com/diving-into-the-sun-suncrypt-a-new-neighbour-in-the-ransomware-mafia-d89010c9df83
File Encryption Patterns
Suncrypt 2020 modifies encrypted files using specific patterns to mark them as encrypted:
File extensions added after encryption (regular expression):
/\.[A-F0-9]{64}/
Ransom Note and Payment Demands
After encrypting files, Suncrypt 2020 drops ransom notes demanding payment for file recovery:
Ransom note file: YOUR_FILES_ARE_ENCRYPTED.HTML
Ransom message: notes/YOUR_FILES_ARE_ENCRYPTED.HTML
Note locations: EveryFolder
Ransom note file: DecryptFiles.TXT
Ransom message: notes/DecryptFiles.TXT
Technical Indicators
Associated Executable Files
The following executable files are associated with Suncrypt 2020 ransomware:
haywood.ps1
1.exe
load.ps1
321.ps1
ca5751036a12d0.exe
ddcgroup.com 5M$_cryptor.exe_org
This Suncrypt 2020 ransomware analysis is part of Elastio's comprehensive ransomware detection database. Elastio provides advanced ransomware protection and recovery solutions, helping organizations defend against and recover from ransomware attacks like Suncrypt 2020.