SynAck targets the Windows OS and is distributed manually across networks via Remote Desktop Protocol (RDP) compromise. Once SynAck infects a system, it appends ten random alphabetic characters to the name of each encrypted file and drops a ransom note named RESTORE_INFO-[alphanumeric ID number].txt. It does not change the desktop wallpaper. Although the ransom payment amount is not listed in the ransom note, one victim who posted on the Bleeping Computer support forum received a ransom demand of $2100 worth of Bitcoin after he contacted the hacker.
Email addresses associated with SynAck:
Bitcoin wallet addresses associated with SynAck:
- Bleeping Computer provides more information about SynAck here.
- The NJCCIC is not aware of any free decryption tools available for SynAck.
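The file-name indicators described above can be turned into a quick triage scan of a file share or disk image. The following is an added example, not NJCCIC or vendor code. It assumes the ten letters are appended as a trailing dot-separated suffix, and its allowlist and sample file names are constructed for illustration.

```python
import os
import re
import tempfile

# Note name from the profile: RESTORE_INFO-[alphanumeric ID number].txt
NOTE_RE = re.compile(r"^RESTORE_INFO-[A-Za-z0-9]+\.txt$", re.IGNORECASE)
# Assumption: the ten letters are appended as a trailing ".xxxxxxxxxx" suffix.
SUFFIX_RE = re.compile(r"\.([A-Za-z]{10})$")
# Legitimate ten-letter extensions to ignore (constructed, site-specific list).
KNOWN_TEN_LETTER_EXT = {"properties"}

def scan(root):
    """Return ransom notes and renamed-file candidates found under root."""
    notes, candidates = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            if NOTE_RE.match(name):
                notes.append(rel)
                continue
            m = SUFFIX_RE.search(name)
            if m and m.group(1).lower() not in KNOWN_TEN_LETTER_EXT:
                candidates.append(rel)
    # A ten-letter suffix alone is weak evidence, so candidates are reported
    # only when at least one ransom note exists in the same tree.
    return {"notes": sorted(notes), "renamed": sorted(candidates) if notes else []}

def build_sample_tree(root, infected):
    """Create a constructed sample tree (empty files, invented names)."""
    names = ["report.docx", "app.properties", "notes.txt"]
    if infected:
        names += ["budget.xlsx.qWkzPdLmTa", "photo.jpg.HbYcNrUeVo",
                  "RESTORE_INFO-4F2A9C1B.txt"]
    else:
        names += ["cache.thumbnails"]  # ten letters, but no ransom note nearby
    for name in names:
        open(os.path.join(root, name), "w").close()

def demo():
    """Scan one infected-looking and one clean constructed tree."""
    with tempfile.TemporaryDirectory() as bad, tempfile.TemporaryDirectory() as good:
        build_sample_tree(bad, infected=True)
        build_sample_tree(good, infected=False)
        return scan(bad), scan(good)

if __name__ == "__main__":
    for result in demo():
        print(result)
```

A hit on the note pattern is the stronger signal; treat the renamed-file list as a scoping aid for restoring from backup, not as proof on its own.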