SynAck Ransomware Demonstrates Significant Rise in Activity

SynAck malware belongs to ransomware viruses. It was first detected by famous ransomware expert Michael Gillespie.

Within the last week, there has been an intensification in distribution efforts from a comparatively unexplored ransomware type called SynAck. This specific ransomware virus was initially found in early August and ransomware gurus promptly confirmed they were observing a fresh kind of virus not related to any other ransomware family.

synack ransom note (decryption instructions)
synack ransom note (decryption instructions)

SynAck encrypts user data using an AES-256 algorithm (ECB mode) and requires a ransom of 2,100 USD to be sent on BTC to return the files. In comparison with other ransomware infections, the price of decryption is fairly high as it generally ranges between 500 USD and 1,500 USD.
A random extension is added to the encrypted files.
Examples of encrypted files:

invoice01.txt.wxdrLbgSDa
invoice02.doc.vUSveYgIp
The ransom note is called: RESTORE_INFO-(ID).txt and looks like RESTORE_INFO-XXXXXX.txt
Examples of notes:
RESTORE_INFO-C5E24CKW.txt
RESTORE_INFO-2ABFA9WB.txt

It is most likely SynAck is using unprotected RDP configurations to penetrate user machines. Attackers simply brute-force RDP after which they personally download, install, and launch the ransomware by hand. Affected individuals were working with Windows Servers and several enterprise workstations.
Although the number of people who have been impacted is not yet identified, the Bitcoin wallet related to the virus authors possesses about $420,000 and gets regular use.
SynAck is mostly aimed at the English-speaking audience, however, it targets users all around the world.
To protect your systems from SynAck ransomware it is necessary to use only strong passwords for your RDP. Dictionary attacks prove to be successful so using passphrases combined with special characters and upper and lower cases may keep you safe.
In addition, and as it is usually advised when dealing with ransomware, you should make regular copies of all important files. In this case, if you become infected with ransomware, you will not have to pay the ransom. You will have to clean the system and restore files from backups.

Leave a Reply

Your email address will not be published. Required fields are marked *