TheSAM Lock Tool, better known asSyskey (the name of itsexecutable file), is a discontinued component ofWindows NT thatencrypts theSecurity Account Manager (SAM)database using a 128-bitRC4encryption key.[1]
Introduced in the Q143475 hotfix forWindows NT 4.0 SP3, the tool was removed inWindows 10's Fall Creators Update in 2017 because its method ofcryptography is considered insecure by modern standards and the fact that the tool has been widely employed in scams as a form ofransomware. Microsoft officially recommended use ofBitLockerdisk encryption as an alternative.[2][3]
Introduced in the Q143475 hotfix included inWindows NT 4.0 SP3,[4] Syskey was intended to protect againstofflinepassword cracking attacks by preventing the possessor of an unauthorized copy of the SAM file from extracting useful information from it.[4]
Syskey can optionally be configured to require the user to enter the key duringboot (as a startup password) or to load the key onto removable storage media (e.g., afloppy disk orUSB flash drive).[5]
In mid-2017, Microsoft removed syskey.exe from future versions of Windows.[6] Microsoft recommends using "BitLocker or similar technologies instead of the syskey.exe utility."
In December 1999, a security team fromBindView found a security hole in Syskey that indicated that a certain form of offlinecryptanalytic attack is possible, making abrute force attack appear to be possible.[4] Microsoft later issued a fix for the problem (dubbed the "Syskey Bug").[7] The bug affected both Windows NT 4.0 and pre-RC3 versions ofWindows 2000.[4]
Syskey is commonly abused bytechnical support scammers to lock victims out of their own computers in order to coerce them into paying a ransom.[8][9] It is also used against such scammers byscambaiters as a way to disrupt their fraudulent operations.[citation needed]
