SynAck targets Windows OS and is distributed manually across networks via Remote Desktop Protocol (RDP) compromise. Once SynAck infects a system, it appends ten random alpha characters to the name of each encrypted file and drops a ransom note named RESTORE_INFO-[alphanumeric ID number].txt. It does not change the desktop wallpaper. Although the ransom payment amount is not listed on the ransom note, one victim who posted on the Bleeping Computer support forum received a ransom demand of $2100 worth of Bitcoin after he contacted the hacker.

Email addresses associated with SynAck:,,,,,,

Bitcoin wallet addresses associated with SynAck:

  • Bleeping Computer provides more information about SynAck here.
  • The NJCCIC is not aware of any free decryption tools available for SynAck.