SunCrypt is a RaaS (Ransomware as a Service) group that was first seen in October 2019 and was one of the first groups to apply triple extortion* tactics to their attacks. Unlike other RaaS groups, SunCrypt runs a small and closed affiliate program. The first version of this ransomware was written in Go, but after C and C++ versions were released in mid-2020, the group became much more active. SunCrypt mostly affects the Services, Technology, and Retail industries. Our researchers recently identified an updated version of this ransomware, which includes additional capabilities.
SunCrypt often uses a PowerShell loader for delivery and deployment. Our sample was dropped by a .zip file. This is not a very sophisticated or fast ransomware, but it differs from others in its unique encryption routine, which barely makes any use of the system API. Almost all of the API functions used by SunCrypt are statically imported, with a small number that are dynamically imported.
© ALL RIGHTS RESERVED TO DarkFeed 2023