SynAck

SynAck targets the Windows operating system and is distributed manually across networks via Remote Desktop Protocol (RDP) compromise. Once SynAck infects a system, it appends ten random alphabetic characters to the name of each encrypted file and drops a ransom note named RESTORE_INFO-[alphanumeric ID number].txt. It does not change the desktop wallpaper. Although the ransom payment amount is not listed in the ransom note, one victim who posted on the Bleeping Computer support forum received a ransom demand of $2100 worth of Bitcoin after he contacted the hacker.

Email addresses associated with SynAck:
synack@secmail.pro, synack@scryptmail.com, synack@countermail.com, synack@xmail.net, synack@cock.li, tyughjvbn13@scryptmail.com, bubkjdws@scryptmail.com

Bitcoin wallet addresses associated with SynAck:
15n6gV8QUBsy2yh7wqLppWG4Fw4gsUTNAj

  • Bleeping Computer provides more information about SynAck here.
  • The NJCCIC is not aware of any free decryption tools available for SynAck.
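
The file-naming behavior described above can be turned into a quick triage check over a directory listing. The following is an added example, not code from the NJCCIC or Bleeping Computer; it assumes the ten letters are appended as a final dot-separated suffix, and the function name, threshold and sample paths are constructed for illustration.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Note name as described on this page: RESTORE_INFO-[alphanumeric ID].txt
NOTE_RE = re.compile(r"^RESTORE_INFO-[A-Za-z0-9]+\.txt$", re.IGNORECASE)
# Assumption: the ten random letters form a final ".xxxxxxxxxx" suffix.
SUFFIX_RE = re.compile(r"^.+\.[A-Za-z]{10}$")

# Constructed sample listing (not real victim data).
SAMPLE = [
    r"C:\Users\alice\Documents\RESTORE_INFO-4F2A9C1B.txt",
    r"C:\Users\alice\Documents\budget.xlsx.qWkEjRtYuI",
    r"C:\Users\alice\Documents\notes.docx.aBcDeFgHiJ",
    r"C:\Share\RESTORE_INFO-4F2A9C1B.txt",
    r"C:\Projects\app\config.properties",  # benign ten-letter extension
    r"C:\Projects\app\main.py",
]


def triage(paths, suffix_only_threshold=3):
    """Group a file listing by directory and grade SynAck-style artifacts."""
    dirs = defaultdict(lambda: {"notes": [], "renamed": []})
    for raw in paths:
        p = PureWindowsPath(raw)
        if NOTE_RE.match(p.name):
            dirs[str(p.parent)]["notes"].append(p.name)
        elif SUFFIX_RE.match(p.name):
            dirs[str(p.parent)]["renamed"].append(p.name)

    findings = {}
    for directory, hit in dirs.items():
        if hit["notes"] and hit["renamed"]:
            level = "high"      # note plus renamed files together
        elif hit["notes"]:
            level = "medium"    # note alone, e.g. encrypted files already moved
        elif len(hit["renamed"]) >= suffix_only_threshold:
            level = "low"       # suffix alone also matches benign extensions
        else:
            continue
        findings[directory] = {"level": level, **hit}
    return findings


if __name__ == "__main__":
    for directory, info in triage(SAMPLE).items():
        print(info["level"], directory, info["notes"], len(info["renamed"]))
```

A ten-letter suffix on its own also matches ordinary extensions such as .properties, so the check only reports suffix-only directories once several such files cluster together.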