Call 24/7: +1 (800) 972-3282

New SynAck Ransomware Variant Uses Doppelganging Process

Bogdan Glushko

Bogdan Glushko

CEO at SalvageData Recovery, Bogdan Glushko has over 18 years of experience in high-security data recovery. Over the years, he's been able to help restore data after logical errors, physical failures, or even ransomware attacks, for individuals, businesses, and government agencies alike.

Socials:

New SynAck Ransomware Variant Uses Doppelganging Process
Bogdan Glushko

Bogdan Glushko

CEO at SalvageData Recovery, Bogdan Glushko has over 18 years of experience in high-security data recovery. Over the years, he's been able to help restore data after logical errors, physical failures, or even ransomware attacks, for individuals, businesses, and government agencies alike.

Socials:

I think there's an issue with my storage device, but I'm not sure Start a free evaluation →

I need help getting my data back right now Call now (800) 972-3282

Some malware variants are becoming smarter and harder to stop. Kaspersky Lab discovered a new version of the SynAttack, which uses Process Doppelganging to evade malware tools, according to a report by Dark Reading.

How Does SynAck Ransomware Work?

Lead malware analyst for Kaspersky Lab, Anton Ivanov told Dark Reading, “Enterprises should be aware that threat actions have switched to targeted attacks with ransomware. These actors are beginning to use custom made ransomware with complicated techniques to bypass security solutions.”

If Ivanov’s comments were not sobering enough, consider this: Dark Reading found that authors of the SynAttack ransomware are using a potent combination of manual downloads for malware installation on devices and remote protocol brute-force attacks.

What makes this attack even more sinister is the deployment of the Doppelganging Process.

What is a Doppelganging Process?

Simply, ransomware authors devise malicious code and when your device reads them, they come across as harmless files. This is beneficial to hackers because it allows them to bypass the protocols found in anti-malware software.

Researchers from Kaspersky Lab went into further detail, “By manipulating how Windows handle file transactions, attackers can pass off malicious actions as harmless, legitimate processes, even if they are using known malicious code.”

Other Characteristics of the SynAck Ransomware Variant

Along with bypassing security protocols, the variant can also delete traces that it was even on the device. This makes it difficult for security personnel to re-engineer the code because they don’t have access to it.

In addition, the ransomware is capable of killing database applications, virtual machines, backup systems, and more, making it a tough customer for security experts to wrestle with.

Photo by: ID Experts

How Do I Know if I’m Affected?

Similar to other ransomware, you’ll receive a demand to pay with the vague promise of the author releasing the data back to you. According to Dark Reading, the average ransom is $3,000, so the hackers are banking on more people paying up given the low demand. 

What Happens if I Have Ransomware?

Ransomware is no joke as it prohibits access to your files. And if you run a business, this can be crippling to your operations. Thankfully, there’s a quick process to recover your data.

SalvageData built a reputation on quality, expertise, and compliance. With over 40 locations nationwide, we could be closer than you think. Contact us today to take the first step towards recovering your data, you’ll be glad you did.

Share

Related Services

Ransomware Recovery

Read more

Emergency Data Recovery Services

Read more

Hard Drive Recovery

Read more