SynAck Ransomware & Process Doppelgänging: Double Threat

June 21, 2018 11:55 am

Ransomware is already a frightening word in the IT world, and SynAck ransomware is scarier still. SynAck is reported to be the first ransomware to use Process Doppelgänging to bypass known security solutions. These attacks have been seen most frequently in the United States, Kuwait, Germany and Iran.

Process Doppelgänging is a new fileless code injection technique that works on Windows versions from Vista through 10. It relies on built-in Windows functions and an as-yet-undocumented Windows process loader to evade known security measures. The malicious code is mapped into a process as though it came from a file on disk, but that write is rolled back, so scanners find no trace of the malware on disk. As a result, Process Doppelgänging makes detecting and analyzing ransomware and other malicious code extremely difficult.

During a SynAck attack, the ransomware typically targets virtual machines, office and gaming applications, databases, multimedia files, and backup systems, which makes it much easier for it to scan for and target whatever data is valuable. The average ransom demanded has been $3,000. This is just one of the many new tactics cybercriminals are using in the hope of collecting any profit they can.

In order to protect your systems, here are a couple of tips to keep in mind:

– Back up your files on a regular basis.

– Data categorization and network segmentation are good habits to get into: that kind of layered protection isolates infections and limits access to your data.

It’s important to be aware of what is going on around you in the IT world. For the latest threats, check back on the homepage of our website, where we will keep you updated and informed on everything you need to know.

This post was written by Darrin Gonchar
