New SynAck Ransomware Variant Uses Doppelganging Process

Some malware variants are becoming smarter and harder to stop. Kaspersky Lab discovered a new version of the SynAttack, which uses Process Doppelganging to evade malware tools, according to a report by Dark Reading.

How Does SynAck Ransomware Work?

Lead malware analyst for Kaspersky Lab, Anton Ivanov told Dark Reading, “Enterprises should be aware that threat actions have switched to targeted attacks with ransomware. These actors are beginning to use custom made ransomware with complicated techniques to bypass security solutions.”

If Ivanov’s comments were not sobering enough, consider this: Dark Reading found that authors of the SynAttack ransomware are using a potent combination of manual downloads for malware installation on devices and remote protocol brute-force attacks.

What makes this attack even more sinister is the deployment of the Doppelganging Process.

What is a Doppelganging Process?

Simply, ransomware authors devise malicious code and when your device reads them, they come across as harmless files. This is beneficial to hackers because it allows them to bypass the protocols found in anti-malware software.

Researchers from Kaspersky Lab went into further detail, “By manipulating how Windows handle file transactions, attackers can pass off malicious actions as harmless, legitimate processes, even if they are using known malicious code.”

Other Characteristics of the SynAck Ransomware Variant

Along with bypassing security protocols, the variant can also delete traces that it was even on the device. This makes it difficult for security personnel to re-engineer the code because they don’t have access to it.

In addition, the ransomware is capable of killing database applications, virtual machines, backup systems, and more, making it a tough customer for security experts to wrestle with.

How Do I Know if I’m Affected?

Similar to other ransomware, you’ll receive a demand to pay with the vague promise of the author releasing the data back to you. According to Dark Reading, the average ransom is $3,000, so the hackers are banking on more people paying up given the low demand. 

What Happens if I Have Ransomware?

Ransomware is no joke as it prohibits access to your files. And if you run a business, this can be crippling to your operations. Thankfully, there’s a quick process to recover your data.

SalvageData built a reputation on quality, expertise, and compliance. With over 40 locations nationwide, we could be closer than you think. Contact us today to take the first step towards recovering your data, you’ll be glad you did.