Thursday, October 18, 2018
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
Samsung Debuts 7nm LPP EUV, SmartSSD and 256GB 3DS RDIMM at Samsung Tech Day
How Google's Titan M Security Chip Works
Twitter Discloses Millions of State-backed Tweets and Accounts
Apple Releases Tool to Show You What Data it Has Collected
U.S. Broadcasters to Launch ATSC 3.0 TV In 2020
iPhone XR Available for pre-order on Friday
Facebook Sued Over Hiding Inflated Ad Metrics
Tesla Moves Closer to China With $2 billion Shanghai Gigafactory
Active Discussions
Which of these DVD media are the best, most durable?
How to back up a PS2 DL game
Copy a protected DVD?
roxio issues with xp pro
Help make DVDInfoPro better with dvdinfomantis!!!
menu making
Optiarc AD-7260S review
cdrw trouble
 Home > News > General Computing > SynAck ...
Last 7 Days News : SU MO TU WE TH FR SA All News

Monday, May 07, 2018
SynAck Ransomware Gets Smarter and Potentially Undetected

Malware tends to evolve to help it avoid detection by antivirus programs. For example, SynAck ransomware, which has been known since September 2017, has been overhauled to become a very sophisticated threat that avoids detection, Kasperksy Labs notes.

Malware creators commonly use obfuscation - attempts to make the code unreadable so that antiviruses will not recognize the malware - typically employing special packaging software for that purpose. However, antivirus developers caught on, and now antivirus software effortlessly unpacks such packages. The developers behind SynAck chose another way that requires more effort on both sides: thoroughly obfuscating the code before compiling it, making detection significantly harder for security solutions.

That's not the only evasion technique the new version of SynAck uses. It also employs a rather complicated Process Doppelganging technique - and it is the first ransomware seen in the wild to do so. Process Doppelganging was first presented at Black Hat 2017 by security researchers, after which it was picked up by malefactors and used in several malware species.

Process Doppelganging relies on some features of the NTFS file system and a legacy Windows process loader that exists in all Windows versions since Windows XP, letting developers create fileless malware that can pass off malicious actions as harmless, legitimate processes.

SynAck has two more noteworthy features. First, it checks if it's installed in the right directory. If it's not, it doesn't run - that's an attempt to avoid detection by the automatic sandboxes various security solutions use. Second, SynAck checks if it's installed on a computer with a keyboard set to a certain script - in this case, Cyrillic - in which case it also does nothing. That's a common technique for restricting malware to specific regions.

From the user's perspective, SynAck is just more ransomware, notable mainly for its steep demand: $3,000. Before encrypting a user's files, SynAck ensures it has access to its important file targets by killing some processes that would otherwise keep the files in use and off limits.

The victim sees the ransom note, including contact instructions, on the logon screen. Unfortunately, SynAck uses a strong encryption algorithm, and no flaws have been found in its implementation, so there is no way yet to decrypt the encrypted files.

Researchers at kaspersky Labs have seen SynAck distributed mostly by Remote Desktop Protocol brute force, which means it's mostly targeted at business users. The limited number of attacks thus far all of them in the USA, Kuwait, and Iran - bears out this hypothesis.

Here are a few tips that can help you avoid infection or, if necessary, minimize the consequences.

Back up your data regularly. Store backups on separate media not permanently connected to your network or to the Internet.
If you do not use Windows Remote Desktop in your business processes, disable it.
Use a good security solution with a built-in firewall and specific antiransomware components

Microsoft Build 2018 Highlights        All News        Fitbit Rolls out Quick Replies, Female Health Tracking
Microsoft Build 2018 Highlights     General Computing News      Volvo Cars to Embed Google Assistant, Google Play Store and Google Maps in Infotainment System

Get RSS feed Easy Print E-Mail this Message

Related News
Cryptominers Gain Ground Over Ransomware
Ransomware Hits Servers Across the Globe
Symantec Points at North Korean Hackers in Ransomware Attacks
WannaCry Cyber Attack Has Similarities With North Korean Hacks
What is the WannaCry Ransomware And How To Protect Yourself
Microsoft Patches Windows XP and Windows Server 2003 to fight 'WannaCrypt' Attacks
Worldwide Ransomware Attack Reported, U.K. Hospitals And FedEx Among Infected

Most Popular News
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2018 - All rights reserved -
Privacy policy - Contact Us .