
SynAck: ransomware that injects code without being detected by antivirus


Anonim

Security experts have discovered a new ransomware that has carried out several attacks. It is a variant that uses an unusual attack technique: it exploits Process Doppelgänging, which allows it to inject code without antivirus software detecting it. This ransomware affects all versions of Windows currently available.


In essence, it creates a malicious process on the computer by replacing the memory of a legitimate process, and tricks the system in this way. It was detected by Kaspersky Lab, which confirms that it is a variant of SynAck.

New ransomware

SynAck was first detected last year, in September. It is known to have used complex obfuscation techniques, although researchers managed to unpack its files, and all the information about it was published. In addition, there are several countries that it does not affect, such as Russia, Ukraine, Belarus or Georgia.

This ransomware checks the keyboard settings that the user has installed on their computer. It then compares them with a list contained in the malware's files. If it finds a match, a command is launched that prevents encryption. If there is no match, encryption is carried out.

So far, countries such as Germany and the United States have been affected by this SynAck attack. The extent of these attacks is not yet known, but for now it appears to still be active, although to a lesser extent. It is worth keeping an eye out for further news about this ransomware.

Source: The Hacker News
