SynAck Ransomware Sees Huge Spike in Activity

LASER_oneXM

SynAck campaigns amplify after a month
Activity from SynAck was never at alarming levels, but the ransomware made victims on a daily basis all last month.

A huge spike in activity was detected this week, as nearly 100 victims used the ID-Ransomware service to detect what ransomware had infected their PC, only to find out it was SynAck.

Most likely spread via RDP, targeting businesses
Experts believe the group behind SynAck uses RDP brute-force attacks to access remote computers and manually download and install the ransomware. Victims who posted about SynAck infections in the Bleeping Computer SynAck Help Topic reported infections on Windows Server machines and enterprise networks.

A user who contacted the SynAck author shared the email response he received from the ransomware's operator(s).
************************************************************************************************************************
*The cost of the decoder is $ 2100
*We accept money only in bitcoins since this is the most anonymous currency in the world.
*To buy bitcoins, we recommend using one of these services: https://www.bestchange.com or localbitcoins.com
*To create a purse, this: blockchain.info
*Transfer funds to this address:15n6gV8QUBsy2yh7wqLppWG4Fw4gsUTNAj
*After payment send us a link to the transaction or the address of your wallet and after receiving 3 confirmations we will send you a decoder.
********************************************************************************************************************************

The Bitcoin wallet listed in the email holds 98 Bitcoin in funds, which is over $425,000 at the time of writing. Funds often move in and out of this account, which may be associated with a possible RaaS (Ransomware-as-a-Service) operation, where another group takes its cut and then forwards the rest of the funds to people who rent and distribute the ransomware.