Categories: EducationRansomware

Bitcoin Ransomware Education: SynAck

Virtually every other week, a new type of ransomware starts causing many headaches. The latest malware strain to surface is called SynAck, and it has been a relatively dormant malware up to this point. In fact, it was a strain most researchers had never heard of until very recently. This particular type of malware has been around since August 3rd and does not bear any resemblance to other ransomware types whatsoever.

SynAck Ransomware Baffles Security Researchers

Given the plethora of ransomware strains in circulation, it is almost impossible to come by a unique creation. Nearly every type of malware borrows one or more elements from existing types. Cybercriminals often look at what their competitors have to offer and strive to implement similar features in their own malware. Additionally, there is a growing number of ransomware-as-a-service (RaaS) platforms to contend with.

Everyone was surprised when they stumbled upon the SynAck ransomware. It has no correlations with any other existing types of malware in circulation, which is very unusual. Considering how the malware was first spotted over a month ago, one would have expected to see at least some infection reports by now. In fact, they are pretty difficult to come by, as no one has actively distributed SynAck on a large scale. That was, until a few days ago, when a large spike of activity was recorded on a global scale.

Thanks to the ID-Ransomware service, security researchers were able to determine around 100 incidents involving the SynAck ransomware. It took experts some time to analyze the various code samples, and the results were not what one would expect. There are at least three different variants of SynAck in circulation as we speak. Every version has its own ransomware note, yet none of them use a payment portal hosted on the clearnet or darknet.

Related Post

It is not the first time we have seen ransomware developers move away from using a centralized payment portal. Although hosting such a site on the darknet usually ensures it remains operational for a few weeks, it also provides a way for security experts to identify the people responsible for these distribution campaigns. That is not in the best interest of cybercriminals, as they aim to remain anonymous on the internet at all times. Not opting for payment in the form of Bitcoin would certainly help in this regard, as the world’s leading cryptocurrency lacks any anonymity or privacy traits.

Instead, victims of the SynAck ransomware are asked to communicate with the developers through the BitMessage platform. It is unclear how much money victims must pay to get their computer files back, as the amounts seem to differ based on which of the three types has infected the computer in question. So far, it appears the malware is mainly distributed through Remote Desktop connections with the intent of targeting small businesses and large corporations. It is not a malware designed to infect consumer systems, although there will always be “collateral damage.”

One user claims he was asked to make a US$2,100 payment in Bitcoin to a specific wallet address. The address in question currently holds around 98 BTC in funds, although it is doubtful all of that money was a result of the SynAck ransomware distribution campaign. Moreover, around half of those funds have been moved out of this wallet address over the past few days, which may hint at how this address is part of a ransomware-as-a-service scheme. For the time being, there is no free decryption tool for SynAck victims.

JP Buntinx

JP Buntinx is a FinTech and Bitcoin enthusiast living in Belgium. His passion for finance and technology made him one of the world's leading freelance Bitcoin writers, and he aims to achieve the same level of respect in the FinTech sector.

Share
Published by
JP Buntinx

Recent Posts

Cheems Surge On BSC Network: A Rising Star With Growing Market Value

The Cheems token on the Binance Smart Chain (BSC) is gaining significant momentum, surging by…

3 hours ago

Lester Token Crashes 40% Following Official Announcement

The value of $LESTER plummeted by 40% in the past 24 hours, leaving its market…

3 hours ago

From $30K To Millions: The Wild Journey Of $Quant And Xiaohaige’s Memecoin Stunts

In a bizarre turn of events, a young live-streamer known as Xiaohaige created the memecoin…

3 hours ago

Whale “convexcuck.eth” Makes Bold $CVX Move, Nets Significant Profit Amid Price Surge

The crypto whale known as "convexcuck.eth" has made waves in the DeFi world, spending $2…

3 hours ago

$ELIZA Token Launch Marred By Insider Trading Allegations

The launch of $ELIZA, a token introduced by Andreessen Horowitz (a16z) partner @shawmakesmagic, has sparked…

3 hours ago

Cardano’s Rally Highlights Diverging Moves Among Investors

Cardano ($ADA) has been making waves in the crypto market, breaking away from the altcoin…

3 hours ago