SunCrypt ransomware is a relatively unsophisticated malware family that has impacted multiple companies since 2019. The malware accepts one or more of the following command-line parameters: “-noshares”, “-nomutex”, “-noreport”, “-noservices”, “-vm”, “-path”, “-justcrypt”, and “-keep_exe”. Before encrypting, the ransomware kills a list of targeted processes and deletes all Volume Shadow Copies using COM objects.
Encryption is multithreaded and built on I/O completion ports, a technique shared by most current ransomware families. SunCrypt combines Curve25519 (key agreement) with ChaCha20 (file encryption) in its encryption routine. The binary clears the Windows event logs via two different methods and deletes itself at the end of execution.
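Two of the behaviours described above are visible in ordinary endpoint telemetry: the documented command-line switches show up in process-creation events, and clearing the Windows event logs leaves an audit record (Security event 1102 and System event 104 are the standard "log was cleared" records). The following triage helper, an added example rather than code from the original writeup, runs over constructed process-creation and audit records and flags both. The log format, field names and sample values are assumptions made for the example; the switch list comes from the text.

```python
import re

# Command-line switches documented for SunCrypt in the writeup above.
SUNCRYPT_SWITCHES = {
    "-noshares", "-nomutex", "-noreport", "-noservices",
    "-vm", "-path", "-justcrypt", "-keep_exe",
}
# "-vm" and "-path" are common enough in benign tooling that they are not
# treated as indicators on their own.
GENERIC_SWITCHES = {"-vm", "-path"}

# Standard Windows audit records written when an event log is cleared.
LOG_CLEARED_EVENTS = {("Security", 1102), ("System", 104)}

_SWITCH_RE = re.compile(r"(?<![\w-])-[A-Za-z_]+")


def suncrypt_switches(cmdline: str) -> list[str]:
    """Return the SunCrypt switches present in a command line, sorted."""
    tokens = {t.lower() for t in _SWITCH_RE.findall(cmdline)}
    return sorted(tokens & SUNCRYPT_SWITCHES)


def is_suspicious_cmdline(cmdline: str) -> bool:
    """True when at least one SunCrypt-specific (non-generic) switch is present."""
    return bool(set(suncrypt_switches(cmdline)) - GENERIC_SWITCHES)


def triage(events: list[dict]) -> list[tuple[str, str]]:
    """Return (event id, reason) pairs for records matching either behaviour.

    Each record is a dict with an 'id', a 'type' of 'process' or 'audit',
    and either a 'cmdline' (process) or 'channel' + 'event_id' (audit).
    This record shape is an assumption of the example, not a real schema.
    """
    findings = []
    for ev in events:
        if ev["type"] == "process" and is_suspicious_cmdline(ev["cmdline"]):
            hits = ", ".join(suncrypt_switches(ev["cmdline"]))
            findings.append((ev["id"], f"SunCrypt switches: {hits}"))
        elif ev["type"] == "audit" and (ev["channel"], ev["event_id"]) in LOG_CLEARED_EVENTS:
            findings.append((ev["id"], f"{ev['channel']} event log cleared"))
    return findings


# Constructed sample telemetry (not real data).
SAMPLE_EVENTS = [
    {"id": "e1", "type": "process",
     "cmdline": r"C:\Users\Public\svc_upd.exe -noshares -noservices -keep_exe"},
    {"id": "e2", "type": "process",
     "cmdline": r'"C:\Program Files\Tool\backup.exe" -path D:\data -vm'},
    {"id": "e3", "type": "process",
     "cmdline": r"C:\Windows\System32\cmd.exe /c dir"},
    {"id": "e4", "type": "process",
     "cmdline": r"rundll32.exe payload.dll,Run -justcrypt -path C:\Users"},
    {"id": "e5", "type": "audit", "channel": "Security", "event_id": 1102},
    {"id": "e6", "type": "audit", "channel": "Security", "event_id": 4624},
]

if __name__ == "__main__":
    for event_id, reason in triage(SAMPLE_EVENTS):
        print(f"{event_id}: {reason}")
```

Event e2 is deliberately left unflagged: it only carries the generic "-path" and "-vm" switches, which is the kind of false positive a switch-only rule would produce. In practice the switch match is a weak indicator on its own and is best correlated with the shadow-copy deletion and log-clearing activity the writeup describes.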