Tag Archive for: Synack

SynAck ransomware group releases decryption keys as they rebrand to El_Cometa


The SynAck ransomware gang has released decryption keys for victims that were infected between July 2017 and 2021, according to data obtained by The Record. 

SynAck is in the process of rebranding itself as the El_Cometa ransomware gang and a member of the old group gave the keys to The Record. 

Emsisoft’s Michael Gillespie confirmed the veracity of the decryption keys and said they are working on their own decryption utility that they believe will be “safer and easier to use” because there are concerns that SynAck victims may damage their files further using the provided keys. 

Ransomware expert Allan Liska told ZDNet that the SynAck ransomware group started just before ransomware-as-a-service began to take off in 2018.

“So they never outsourced their ransomware activities. While they continued attacks, there weren’t nearly as many as groups like Conti or REvil were able to conduct, so they got lost in the shuffle,” Liska said. “They also didn’t hit any really big targets.”

A Kaspersky Lab report in 2018 said SynAck differentiated itself in 2017 by not using a payment portal, instead demanding that victims arrange payment in Bitcoin through email or a BitMessage ID.

They generally demanded ransoms of around $3,000 and gained notoriety for using the Process Doppelgänging technique, which targets Microsoft Windows and is designed to evade traditional security software and antivirus products by exploiting how they interact with processes in memory.

There is little data on victims of the ransomware group but Kaspersky Lab researchers said they observed attacks by the gang in the US, Kuwait, Germany and Iran.

“The ability of the Process Doppelgänging technique to sneak malware past the latest security measures represents a significant threat; one that has, not surprisingly, quickly been seized upon by attackers,” said Anton Ivanov, lead malware analyst at Kaspersky Lab. 

“Our research shows how the relatively low profile, targeted ransomware SynAck used the technique to upgrade its stealth and infection capability. Fortunately, the…


LockBit updates. Trend Micro warns of Apex exploitation. PrintNightmare remains a problem. ReverseRat evolves, SynAck rebrands.


Attacks, Threats, and Vulnerabilities

Suspected Pakistani actor modifies its custom remote access trojan with nefarious new capabilities (PR Newswire) Black Lotus Labs, the threat intelligence arm of Lumen Technologies (NYSE: LUMN), today announced that ReverseRat – the remote access trojan it…

ReverseRat Reemerges with a (Night)Fury New Campaign and New Developments, Same Familiar Side-Actor – Lumen (Lumen) We have continued to track this actor and recently uncovered an updated version of the ReverseRat agent, which we are calling ReverseRat 2.0.

Pakistan’s cyber-attack malware mutates, adopts nefarious new capabilities (India Today) A Pakistan-originated malware that previously targeted the power sector and government organisations in India and Afghanistan has developed the ability to adopt new cyber-attack capabilities.

Threat Thursday: Ficker Infostealer Malware (BlackBerry) Ficker is a Malware-as-a-Service (MaaS) information stealer that targets victims’ web browsers, credit card information, crypto-wallets and FTP clients. The malware can also download additional malware once a system is successfully compromised.

Crypto-mining botnet modifies CPU configurations to increase its mining power (The Record by Recorded Future) A crypto-mining botnet is modifying CPU configurations on hacked Linux servers in order to increase the performance and output of its cryptocurrency mining code.

Trend Micro Confirms In-the-Wild Zero-Day Attacks (SecurityWeek) Security vendor Trend Micro has issued a warning for in-the-wild zero-day attacks hitting customers using its Apex One and Apex One as a Service products.

Hackers tried to exploit two zero-days in Trend Micro’s Apex One EDR platform (The Record by Recorded Future) Cyber-security firm Trend Micro said hackers tried to exploit two zero-day vulnerabilities in its Apex One EDR platform in an attempt to go after its customers in attacks that took place earlier this year.

Ransomware group demanding US$50M in Accenture security breach: cyber firm (CRN Australia) According to dark web and cybercrime monitoring firm.

Ransomware Gang Leaks Files Allegedly Stolen From Accenture (SecurityWeek) Accenture has confirmed being targeted by…


Variant of SynAck Malware Adopts Doppelgänging Technique

  1. Variant of SynAck Malware Adopts Doppelgänging Technique  Threatpost
  2. SynAck Ransomware Gets Dangerous ‘Doppleganging’ Feature  Dark Reading
  3. SynAck ransomware circumvents antivirus software through Doppelgänging technique  ZDNet
