Ransomware Awareness

New SynAck Ransomware Variant Uses Doppelganging Process

Some malware variants are becoming smarter and harder to stop. Kaspersky Lab discovered a new version of the SynAttack, which uses Process Doppelganging to evade malware tools, according to a report by Dark Reading.

How Does SynAck Ransomware Work?

Lead malware analyst for Kaspersky Lab, Anton Ivanov told Dark Reading, “Enterprises should be aware that threat actions have switched to targeted attacks with ransomware. These actors are beginning to use custom made ransomware with complicated techniques to bypass security solutions.”

If Ivanov’s comments were not sobering enough, consider this: Dark Reading found that authors of the SynAttack ransomware are using a potent combination of manual downloads for malware installation on devices and remote protocol brute-force attacks.

What makes this attack even more sinister is the deployment of the Doppelganging Process.

What is a Doppelganging Process?

Simply, ransomware authors devise malicious code and when your device reads them, they come across as harmless files. This is beneficial to hackers because it allows them to bypass the protocols found in anti-malware software.

Researchers from Kaspersky Lab went into further detail, “By manipulating how Windows handle file transactions, attackers can pass off malicious actions as harmless, legitimate processes, even if they are using known malicious code.”

Other Characteristics of the SynAck Ransomware Variant

Along with bypassing security protocols, the variant can also delete traces that it was even on the device. This makes it difficult for security personnel to re-engineer the code because they don’t have access to it.

In addition, the ransomware is capable of killing database applications, virtual machines, backup systems, and more, making it a tough customer for security experts to wrestle with.

Photo by: ID Experts

How Do I Know if I’m Affected?

Similar to other ransomware, you’ll receive a demand to pay with the vague promise of the author releasing the data back to you. According to Dark Reading, the average ransom is $3,000, so the hackers are banking on more people paying up given the low demand. 

What Happens if I Have Ransomware?

Ransomware is no joke as it prohibits access to your files. And if you run a business, this can be crippling to your operations. Thankfully, there’s a quick process to recover your data.

SalvageData built a reputation on quality, expertise, and compliance. With over 40 locations nationwide, we could be closer than you think. Contact us today to take the first step towards recovering your data, you’ll be glad you did.

Share
Sean Jackson

Share
Published by
Sean Jackson

Recent Posts

How to Backup Computer to External Hard Drive

It's essential to back up your computer’s data on an external hard drive (HD) to…

3 years ago

Invalid Partition Table Disk Error: Causes & How To Fix

The invalid partition table error is not a standard disk error. However, you may face…

3 years ago

Hajd Ransomware: Data Recovery & Removal

Like any other ransomware, Hajd ransomware encrypts your files and demands a ransom for the…

3 years ago

What are the RAID 5 Requirements?

RAID 5, or Redundant Array of Independent Disks 5, is a data storage configuration. It…

3 years ago

SD Cards: The Ultimate Guide About This Storage Technology

An SD card, or a secure digital card, is a small flash memory card used…

3 years ago

Uyjh Ransomware: Data Recovery & Security Best Practices

Uyjh is ransomware that encrypts your files, adding a .uyjh extension to it. So, if…

3 years ago