What is SynAck ransomware?
SynAck, also known as Syn Ack, is a file-encrypting threat that was recently discovered by malware security expert Michael Gillespie. SynAck is quite similar to GlobeImposter, Nemesis, Gryphon, BTCWare, and other harmful ransomware infections. The only difference between them is the type of encryption algorithm they use in executing their attacks.
According to malware security experts, the developers of SynAck ransomware use RDP brute-force attacks to hijack computers and install the malware manually. They also noted that, apart from individual users, this ransomware targets Windows server machines and enterprise networks.
How does SynAck execute its attack?
During its attack, SynAck encrypts the data stored on the computer using the ECIES and AES-256 encryption algorithms. During the encryption process, the malware appends an extension consisting of 10 random letters to each file. After the files are encrypted, SynAck creates a text file named RESTORE_INFO-[victim’s id].txt and places it on the desktop. The text file contains the ransom note with the following message:
Files are encrypted, algorithm used: ecies-secp192r1 & aes-ecb-256.
To decrypt your files, please contact us using this e-mail address:
If for unknown reasons you did not receive any answer on e-mail,
write to BitMessage (using site https://bitmsg.me/):
Please do not perform any manipulations with encrypted files.
If you want to try to restore your files manually, do backups first.
And please do not remove files with text notes,
because they contain important information required for file restoring.
Please include the following text in your message:
The ransom note encourages victims to contact the SynAck developers through the email address provided. Different SynAck versions differ slightly in some of the information on the ransom note; each version presents contact details so that the victim can get in touch with its developers:
- The first SynAck version told victims to write to [email protected], [email protected], [email protected], [email protected] or [email protected], and left the BitMessage ID BM-2cTp9eosgjWs8SV14kYCDzPN3HJkwYk1LQ as an alternate way of contacting the criminals;
- The second SynAck ransomware version provided the [email protected] email address and a different BitMessage ID: BM-2cStoatQC4mDNWDHAoo2C1nYZJXhDsjCLj;
- Lastly, the final SynAck malware version suggests writing to [email protected] or to BM-2cWsgWxq1X5M6qjDEBPvCdEbbPLn2zi43k via BitMessage.
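The extension and note-file naming described above can be turned into a simple host triage check. The following Python script is an added example, not code from the original article or from any vendor. It assumes only what the page describes (a 10-letter extension appended to the original file name, and a note named RESTORE_INFO-[victim's id].txt), walks a directory tree for both, and treats a random-looking extension on its own as weak evidence, because some legitimate extensions are also exactly 10 letters long. The directory tree it builds is constructed test data.

```python
import os
import re
import tempfile
from pathlib import Path
from typing import Dict, List, Optional, Union

# Appended extension as described on the page: exactly 10 random letters.
RANDOM_EXT_RE = re.compile(r"^\.[A-Za-z]{10}$")
# Ransom note file name as described on the page: RESTORE_INFO-[victim's id].txt
NOTE_RE = re.compile(r"^RESTORE_INFO-(?P<victim_id>.+)\.txt$", re.IGNORECASE)
# Legitimate extensions that also happen to be 10 letters long. Constructed and
# deliberately incomplete; extend it for the file types present on your hosts.
KNOWN_10_LETTER_EXTS = {"properties", "dictionary"}


def classify(path: Union[str, Path]) -> Optional[str]:
    """Return 'note', 'encrypted' or None for a single file name."""
    path = Path(path)
    if NOTE_RE.match(path.name):
        return "note"
    # Only the last extension matters: 'report.docx.KxmPqRsTuV' -> '.KxmPqRsTuV'
    ext = path.suffix
    if RANDOM_EXT_RE.match(ext) and ext[1:].lower() not in KNOWN_10_LETTER_EXTS:
        return "encrypted"
    return None


def scan_for_synack_artifacts(root: Union[str, Path]) -> Dict[str, object]:
    """Walk a directory tree and collect ransom notes and renamed files."""
    notes: List[str] = []
    encrypted: List[str] = []
    victim_ids = set()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = Path(dirpath) / name
            kind = classify(full)
            if kind == "note":
                notes.append(str(full))
                victim_ids.add(NOTE_RE.match(name)["victim_id"])
            elif kind == "encrypted":
                encrypted.append(str(full))
    return {
        "notes": sorted(notes),
        "encrypted": sorted(encrypted),
        "victim_ids": sorted(victim_ids),
        # A random-looking extension alone is weak evidence (collisions with real
        # extensions happen); a note next to renamed files is strong evidence.
        "likely_infected": bool(notes) and bool(encrypted),
    }


def build_sample_tree(base: Union[str, Path]) -> Path:
    """Create a constructed directory tree imitating an infected host (test data only)."""
    base = Path(base)
    sample_files = {
        "docs/report.docx.KxmPqRsTuV": b"<constructed ciphertext>",
        "docs/RESTORE_INFO-EXAMPLE01.txt": b"Files are encrypted ... (constructed note)",
        "app/config.properties": b"key=value",  # benign 10-letter extension
        "app/readme.txt": b"plain text",
    }
    for rel, data in sample_files.items():
        target = base / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)
    return base


def scan_sample_tree() -> Dict[str, object]:
    """Build the constructed tree in a temporary directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        return scan_for_synack_artifacts(build_sample_tree(tmp))


if __name__ == "__main__":
    for key, value in scan_sample_tree().items():
        print(f"{key}: {value}")
```

Point scan_for_synack_artifacts at a user profile or a file share to get the list of notes (each carrying the victim id from its file name) and the renamed files; the victim id is what the note asks you to quote, so it is also a convenient key for grouping hosts hit by the same campaign.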
No matter how convincing these crooks get, don’t even think about contacting them: most cyber criminals tend to ignore their victims once they get what they want, and besides, they might only pressure you into paying more money. To put it simply, paying these crooks won’t guarantee your files’ recovery. The best way to deal with SynAck and other ransomware infections is to have them removed from your computer as soon as possible and then try other recovery options to restore your files.
How does SynAck ransomware spread its infection?
As mentioned earlier, SynAck uses RDP brute-force attacks to infiltrate computers, after which the infection is installed manually. Cyber criminals try to brute-force their way into the computer and the network. This way, the malware can quickly compromise enterprise networks and demand a huge ransom for data recovery.
On top of that, SynAck malware might also be distributed using other means such as malvertising, malicious spam emails, and similar techniques.
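Because the entry vector described here is RDP brute force, the Windows Security log is where a defender would see it: repeated failed-logon events (event ID 4625) with logon type 10 (RemoteInteractive, i.e. RDP) from one source address, possibly followed by a successful logon (event ID 4624) from the same address. The script below is an added example and not part of the original article. It assumes a flattened export of those events in a constructed comma-separated format (timestamp, EventID, LogonType, TargetUserName, IpAddress) and applies a sliding-window count per source IP; the log lines, user names and IP addresses are constructed samples.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Deque, Dict, List

# Constructed sample: a flattened export of Windows Security log entries.
# Field order (assumed for this example): timestamp, EventID, LogonType,
# TargetUserName, IpAddress. EventID 4625 = failed logon, 4624 = successful
# logon; LogonType 10 = RemoteInteractive (RDP). IPs are documentation ranges.
SAMPLE_LOG = """\
2018-05-02T10:00:01,4625,10,Administrator,203.0.113.5
2018-05-02T10:00:03,4625,10,Administrator,203.0.113.5
2018-05-02T10:00:05,4625,10,admin,203.0.113.5
2018-05-02T10:00:08,4625,10,Administrator,203.0.113.5
2018-05-02T10:00:10,4625,10,backup,203.0.113.5
2018-05-02T10:00:12,4625,10,Administrator,203.0.113.5
2018-05-02T10:00:40,4624,10,Administrator,203.0.113.5
2018-05-02T10:05:00,4625,10,jsmith,198.51.100.7
2018-05-02T10:30:00,4625,10,jsmith,198.51.100.7
2018-05-02T10:31:00,4625,3,svc_web,192.0.2.9
2018-05-02T10:32:00,4624,10,jsmith,198.51.100.7
"""

RDP_LOGON_TYPE = 10
FAILED_LOGON = 4625
SUCCESS_LOGON = 4624


@dataclass
class LogonEvent:
    ts: datetime
    event_id: int
    logon_type: int
    user: str
    ip: str


def parse_events(text: str) -> List[LogonEvent]:
    """Parse the constructed export format into events sorted by time."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, event_id, logon_type, user, ip = line.split(",")
        events.append(LogonEvent(datetime.fromisoformat(ts), int(event_id),
                                 int(logon_type), user, ip))
    return sorted(events, key=lambda e: e.ts)


def detect_rdp_bruteforce(events: List[LogonEvent], threshold: int = 5,
                          window: timedelta = timedelta(minutes=5)) -> Dict[str, dict]:
    """Alert on source IPs with >= threshold failed RDP logons inside one window.

    A later successful RDP logon from an alerted IP is flagged separately, since
    that is the moment a brute force turns into a foothold.
    """
    recent: Dict[str, Deque[datetime]] = defaultdict(deque)
    total_failures: Dict[str, int] = defaultdict(int)
    targets: Dict[str, set] = defaultdict(set)
    alerts: Dict[str, dict] = {}
    for ev in events:
        if ev.logon_type != RDP_LOGON_TYPE:
            continue  # network/service logons are out of scope for this check
        if ev.event_id == FAILED_LOGON:
            q = recent[ev.ip]
            q.append(ev.ts)
            while q and ev.ts - q[0] > window:
                q.popleft()  # drop failures that fell out of the window
            total_failures[ev.ip] += 1
            targets[ev.ip].add(ev.user)
            if len(q) >= threshold:
                alert = alerts.setdefault(
                    ev.ip, {"first_seen": q[0], "success_after_burst": False})
                alert["failures"] = total_failures[ev.ip]
                alert["targets"] = sorted(targets[ev.ip])
                alert["last_seen"] = ev.ts
        elif ev.event_id == SUCCESS_LOGON and ev.ip in alerts:
            alerts[ev.ip]["success_after_burst"] = True
    return alerts


if __name__ == "__main__":
    for ip, info in detect_rdp_bruteforce(parse_events(SAMPLE_LOG)).items():
        print(ip, info)
```

On a real host the same five fields come from the EventData of events 4625 and 4624 in the Security log; the threshold and window are tuning knobs, and the "targets" list tells a brute force against one account apart from a spray across many. Beyond the strong passwords the next section recommends, an account lockout policy caps how many guesses per account can reach the password at all.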
How can you prevent SynAck attacks?
SynAck, just like other ransomware infections, takes advantage of system vulnerabilities to hijack computers. To prevent this, make sure that you always keep both your system and your antivirus program up to date; this increases your resistance against these kinds of attacks. Also, do not forget to use strong passwords for your Remote Desktop Connection accounts.
Step 1: Reboot your computer into Safe Mode with Command Prompt by pressing F8 a couple of times until the Advanced Options menu appears.
Step 2: Navigate to Safe Mode with Command Prompt using the arrow keys on your keyboard. After selecting Safe Mode with Command Prompt, hit Enter.
Step 3: After loading the Command Prompt type cd restore and hit Enter.
Step 4: After cd restore, type in rstrui.exe and hit Enter.
Step 5: A new window will appear, and then click Next.
Step 6: Select any of the Restore Points on the list and click Next. This will restore your computer to its previous state before being infected with the SynAck Ransomware.
Step 7: A dialog box will appear, and then click Next.
Step 8: After the system restore process, download SpyRemover Pro to remove any remaining files or residues of the SynAck ransomware.
Step 9: Try to recover your encrypted files.
Restoring your encrypted files using Windows’ Previous Versions feature will only work if the evil ransomware hasn’t deleted the shadow copies of your files. Still, this is one of the best free methods there is, so it’s definitely worth a shot.
To restore an encrypted file, right-click on it and select Properties. A new window will pop up; go to the Previous Versions tab. It lists the file’s previous versions from before it was modified. Once the list loads, select one of the previous versions displayed, like the one in the illustration below, and click the Restore button.
Follow the continued advanced steps below to ensure the removal of the SynAck ransomware:
Perform a full system scan using SpyRemover Pro.
- Turn on your computer. If it’s already on, reboot it.
- After that, the BIOS screen will be displayed; if Windows pops up instead, reboot your computer and try again. Once you’re on the BIOS screen, press F8 repeatedly so that the Advanced Options menu shows up.
- Navigate the Advanced Options menu using the arrow keys, select Safe Mode with Networking, then hit Enter.
- Windows will now load the Safe Mode with Networking.
- Press and hold the Windows key and the R key together.
- If done correctly, the Windows Run Box will show up.
- Type in explorer http://www.fixmypcfree.com/install/spyremoverpro (a single space must be between explorer and http) and click OK.
- A dialog box will be displayed by Internet Explorer. Click Run to begin downloading SpyRemover Pro. Installation will start automatically once the download is done.
- After all the infections are identified, click REMOVE ALL.
- Register SpyRemover Pro to protect your computer from future threats.