Activity surrounding a new strain of ransomware named SynAck spiked last week with at least three different versions being reported to Bleeping Computer help forum and MalwareHunter's ID-Ransomware service.
SynAck first came to notice in early August, but operated at a low level until recently when an upward shift in activity was noticed. SynAck differs from other ransomware types by demanding its victims contact them directly through email or a BitMessage ID in order to arrange for the ransom payment, usually about $2,100 in bitcoin, instead of setting up a payment portal, reported Bleeping Computer. Additionally, the malware attaches its own randomly generated 10-character alphanumeric extension to the encrypted files.
Attacks are conducted using remote desktop protocol brute-force attacks to access remote computers and then the operators manually download and install the ransomware. Bleeping Computer said victims were using Windows Server and enterprise workstations.
While it is not known how many people have been affected, the bitcoin wallet associated with the attacks has about $425,000 deposited and sees frequent use.
