diff --git a/clusters/ransomware.json b/clusters/ransomware.json index e12d8195..25a788ff 100644 --- a/clusters/ransomware.json +++ b/clusters/ransomware.json @@ -8534,6 +8534,18 @@ "https://twitter.com/struppigel/status/900238572409823232" ] } + }, + { + "value": "SynAck", + "description": "The ransomware does not use a customized desktop wallpaper to signal its presence, and the only way to discover that SynAck has infected your PC is by the ransom notes dropped on the user's desktop, named in the format: RESTORE_INFO-[id].txt. For example: RESTORE_INFO-4ABFA0EF.txt\n In addition, SynAck also appends its own extension at the end of all files it encrypted. This file extensions format is ten random alpha characters for each file. For example: test.jpg.XbMiJQiuoh. Experts believe the group behind SynAck uses RDP brute-force attacks to access remote computers and manually download and install the ransomware.", + "meta": { + "refs": [ + "https://www.bleepingcomputer.com/news/security/synack-ransomware-sees-huge-spike-in-activity/" + ], + "synonyms": [ + "Syn Ack" + ] + } } ], "source": "Various",