From 5e11faaa924c482ebdc10d8ed4b37011b0825eaa Mon Sep 17 00:00:00 2001 From: Deborah Servili Date: Wed, 6 Sep 2017 13:45:24 +0200 Subject: [PATCH] add SynAck Ransomware --- clusters/ransomware.json | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/clusters/ransomware.json b/clusters/ransomware.json index e12d8195..25a788ff 100644 --- a/clusters/ransomware.json +++ b/clusters/ransomware.json @@ -8534,6 +8534,18 @@ "https://twitter.com/struppigel/status/900238572409823232" ] } + }, + { + "value": "SynAck", + "description": "The ransomware does not use a customized desktop wallpaper to signal its presence, and the only way to discover that SynAck has infected your PC is by the ransom notes dropped on the user's desktop, named in the format: RESTORE_INFO-[id].txt. For example: RESTORE_INFO-4ABFA0EF.txt\n In addition, SynAck also appends its own extension at the end of all files it encrypted. This file extensions format is ten random alpha characters for each file. For example: test.jpg.XbMiJQiuoh. Experts believe the group behind SynAck uses RDP brute-force attacks to access remote computers and manually download and install the ransomware.", + "meta": { + "refs": [ + "https://www.bleepingcomputer.com/news/security/synack-ransomware-sees-huge-spike-in-activity/" + ], + "synonyms": [ + "Syn Ack" + ] + } } ], "source": "Various",