SynAck Ransomware Evades Anti-virus Detection Via Process Doppelgänging

In recent days, malware analysts have reported a new and updated version of SynAck Ransomware that uses the deceptive technique known as Process Doppelgänging. Process Doppelgänging is a code-injection technique used by criminal hackers that abuses the Windows NTFS transactions mechanism. Its purpose here is to create and hide the malicious processes of SynAck Ransomware in order to bypass detection by the pre-installed anti-virus program. It is a relatively new technique, first revealed at a security conference in December 2017.


The racketeers behind dangerous ransomware and other precarious cyber infections have already used the Process Doppelgänging method to make their attacks more vicious and to remain undetected by installed anti-virus programs. One ransomware virus identified as using the Process Doppelgänging technique is SynAck Ransomware, which was very active during August and September 2017. Technically speaking, the malware does not use a ransom payment portal in its ransom-demanding message, but demands the ransom fee in Bitcoin. While there is nothing special about SynAck Ransomware itself, the appearance of a newer version that uses the Doppelgänging technique has forced security analysts to take notice of it.

According to a research report published by researchers at an online security lab, SynAck Ransomware has now been well developed by the con artists and uses a top-notch file encryption algorithm. In addition, the malware employs the Process Doppelgänging technique to evade detection by anti-virus programs and is heavily obfuscated to hinder reverse engineering. The previous version of this ransomware was propagated through poorly secured RDP connections. It is very likely that the operators of SynAck Ransomware are still using the same channel to distribute the newer version, because no malvertising or spam email campaign spreading this ransomware has been found.


The new strain of SynAck Ransomware has been found attacking countries such as Iran, Kuwait, Germany and the United States; these are the countries most affected by the newer variant of the SynAck virus. If the victim of this ransomware is located outside the list of targeted countries, SynAck Ransomware simply exits and the encryption of system files does not take place. Nevertheless, the ability to use the Process Doppelgänging technique in a ransomware infection represents a significant threat to the online community. To upgrade its infection capability and remain undetected, the hackers behind this malware used this deceptive technique to extract as much ransom money as possible by encoding specific file types saved on the victim's PC.
