SynAck: The ransomware that injects code undetected by the antivirus

Security experts have discovered a new ransomware that has carried out several attacks. It is a variant that uses a very unusual technique when attacking: Process Doppelgänging, which lets it inject code without being detected by antivirus software. This ransomware affects all current versions of Windows.


In essence, it creates a malicious process on the computer by replacing the memory of a legitimate process, deceiving the system in this way. It was detected by Kaspersky Lab, which confirms that it is a variant of SynAck.

New ransomware

SynAck was first detected last year, in September. It is known to use complex obfuscation techniques, although the researchers were able to decompress its files, and all of the information was published. In addition, several countries are not affected, such as Russia, Ukraine, Belarus and Georgia.

This ransomware checks the keyboard configuration that the user has installed on the computer and compares it with a list stored in the malware's files. If it finds a match, a command is launched that prevents encryption. If there is no match, the ransomware runs.

So far, countries such as Germany and the United States have been affected by this SynAck attack. The extent of these attacks is not yet known, but the ransomware appears to still be active, albeit to a lesser extent, so it is worth watching for more news about it.