What is Syskey?


If you are a non-software engineer who has heard of Syskey, it’s probably in relation to a bout of scams that plagued Microsoft users not so long ago. Contrary to popular belief, Syskey itself is not a malware program.

In reality, Syskey is an encryption program once found in Microsoft operating systems. It’s not present in equivalent Mac systems.

Scroll down to learn more about Syskey, what it is, scams related to Syskey, and how to protect yourself against such threats:

Syskey Explained (What is it Used for?)

Syskey is simply a program designed by Microsoft, intended for the company’s early operating systems. The word is the shortened form of “system key.” It could be found in any Windows desktop operating system released before Windows 10, including XP, Vista and Windows 7.

To understand Syskey, you need to understand the SAM first. All Windows operating systems have a database called the Security Account Manager, better known as SAM. This database stores user passwords for the computer in a hashed format.

Hashing is a way to make a password unreadable by an unauthorized program. It’s a security measure taken to prevent password theft. Hashed passwords are encrypted so that hackers and cybercriminals cannot gain access to a Windows computer by simply looking up the SAM.

The SAM is like a lockbox that keeps all user passwords on a Windows computer safe. The Syskey is the lock in the lockbox. As all locks can be opened with the right key, anyone with the right Syskey password can get access to the SAM, and all the passwords within it.

In the early days, Microsoft enabled users to secure the SAM by moving its encryption key—the Syskey—to a different location. That is, users could move the key off the computer and into another computer or a hardware device.

This key could then be used to configure a password that could decrypt the SAM. These are the instructions Microsoft used to provide to configure Syskey protection:

  • Access Syskey via the command prompt.
  • Go to the “Securing the Windows Account Database” and check that the encryption is enabled (it’s the only option). Click the update box next to it.
  • Here users have the option to create a password when the computer boots using “Password Startup.” If not, proceed to “System Generated Password.”
  • Now users can choose the option to store the Syskey on a separate hardware device. Microsoft allows floppy disk storage. Users can choose a hard disk, but this would only store the password in the local hard drive.
  • Once the user has chosen the option, they should click “ok” twice to complete the process. Microsoft recommends using a backup floppy disk for optimal security. Now the system can be decrypted remotely.

Syskey is No Longer Available on Newer Microsoft Operating Systems

The Syskey process is very much outdated in modern times, as the floppy disk mentioned earlier indicates. Microsoft officially discontinued Syskey in operating systems from Windows 10 onwards. It’s not available in Windows Server 2016 version 1709 either.

Now, Windows operating systems do not prompt users for a Syskey password during startup. Once, Syskey could encrypt the Active Directory domain controller externally. This functionality was scrapped along with Syskey.

Microsoft discontinued Syskey because it was based on weak cryptography protocols. Encryption is based on complex mathematical problems. Solving these problems is beyond the capabilities of just about everyone.

However, with the field evolving, some cryptography methods become solvable. That means some older encryption methods are useless now. This is what happened to Syskey.

Syskey was originally limited in its application. It didn’t cover all data files of the operating system, for example. Hackers exploited this limitation to gain access to the Syskey.

Syskey Scams

Syskey was used in a slew of ransomware scams from 2010 onwards. These were better known as “tech support” scams.

Here’s how the typical Syskey scam would go: A hacker would trick a Windows user into giving them remote access to the PC. This was mostly done by hackers posing as IT or tech support personnel from supposedly Microsoft-affiliated companies.

When the hacker has remote access, he or she would then gain access to the Syskey. The hacker would use it to lock the Windows user out of his or her own system. The scammer would then demand money in return for unlocking the computer.

In some instances, unsuspecting Windows users were cold called by scammers. The owners were told that their PCs had “critical issues” that required immediate fixing.

Users may panic at these calls, and then give supposed tech support remote access to their computers. The cybercriminals would then invoke Syskey and demand credit card information.
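The sequence described above (remote access first, then Syskey) can be watched for in process-creation logs. The following Python detection is an added example, not part of the original article; the CSV column names, the remote-support-tool.exe placeholder and the 30-minute window are assumptions, and the sample events are constructed.

```python
import csv
import io
import ntpath
from datetime import datetime, timedelta

# Constructed sample events (not real telemetry); column and tool names are assumed.
SAMPLE_EVENTS = """\
time,host,image,command_line
2016-03-01T10:02:11,PC-01,C:\\Users\\amy\\Downloads\\remote-support-tool.exe,remote-support-tool.exe
2016-03-01T10:09:40,PC-01,C:\\Windows\\System32\\cmd.exe,cmd.exe /c syskey
2016-03-01T10:09:41,PC-01,C:\\Windows\\System32\\SYSKEY.EXE,syskey
2016-03-02T08:15:00,PC-02,C:\\Windows\\System32\\syskey.exe,syskey.exe
2016-03-02T09:00:00,PC-02,C:\\Windows\\System32\\notepad.exe,notepad.exe syskey-notes.txt
"""

REMOTE_TOOLS = {"remote-support-tool.exe"}  # placeholder; list your own tools


def basename(path):
    """Lower-cased file name of a Windows path."""
    return ntpath.basename(path.strip('"')).lower()


def invokes_syskey(image, command_line):
    """True if the image is syskey.exe or cmd.exe was asked to run it."""
    if basename(image) == "syskey.exe":
        return True
    return basename(image) == "cmd.exe" and any(
        basename(t) in ("syskey", "syskey.exe") for t in command_line.split()[1:])


def detect(csv_text, remote_tools=REMOTE_TOOLS, window=timedelta(minutes=30)):
    """Return (time, host, severity) for every Syskey launch, oldest first."""
    last_remote = {}  # host -> time a remote-access tool was last started
    alerts = []
    rows = sorted(csv.DictReader(io.StringIO(csv_text)), key=lambda r: r["time"])
    for row in rows:
        when = datetime.fromisoformat(row["time"])
        if basename(row["image"]) in remote_tools:
            last_remote[row["host"]] = when
        elif invokes_syskey(row["image"], row["command_line"]):
            seen = last_remote.get(row["host"])
            recent = seen is not None and when - seen <= window
            alerts.append((row["time"], row["host"], "high" if recent else "medium"))
    return alerts


if __name__ == "__main__":
    print(detect(SAMPLE_EVENTS))
```

A Syskey launch shortly after a remote-access tool started on the same host is rated "high"; any other launch is still reported as "medium", since ordinary users rarely have a reason to run it.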

It is not impossible to unlock a Syskey-locked computer without giving in to hacker demands. However, this would require a complete system reset.

A legitimate tech support person can reformat the computer. It would return full access to the user once more. But users may lose some, if not most, data.

Users may lose documents, photos, or app data during the reformatting process, unless there’s a backup somewhere else. A system restore point or a partitioned hard drive can minimize the data loss.

How to Protect Yourself against Syskey Ransomware Scams

The best way to protect your computer against a Syskey scam: Stop using a computer that is still reliant on this outdated encryption system. It’s highly recommended to upgrade to Windows 10 or later to avoid Syskey scams.

Also, you can prevent Syskey hacking attempts by not giving anyone remote access to your computer. Do not fall for random phone calls that claim your PC has critical problems.

Use only trusted tech support personnel with licensed physical stores in your area. Microsoft has certified tech support businesses you can refer to. Be sure to look up these recommended services only on the official Microsoft website.

Additionally, back up all your personal files in case your operating system needs to be restored. You should use a cloud drive and an external disk drive.

A professional IT person can create a restore point in your computer. A reformatted system can revert back to that in case you are locked out of your computer for any reason.

You should inform yourself about modern cyber threats to better protect your computer. These are ever evolving, and Syskey is only one of many scams.

About the author

Ollie

is a Systems Engineer and a former Computer Tech Support Specialist. When he's not working or tweaking his Dell XPS 13, he enjoys taking a photograph or two.
