SynAck Ransomware Sees Huge Spike in Activity

[LASER_oneXM]

SynAck campaigns amplify after a month
Activity from SynAck was never at alarming levels, but the ransomware made victims on a daily basis all last month.

A huge spike in activity was detected this week, as nearly 100 victims used the ID-Ransomware service to detect what ransomware had infected their PC, only to find out it was SynAck.

Most likely spread via RDP, targeting businesses
Experts believe the group behind SynAck uses RDP brute-force attacks to access remote computers and manually download and install the ransomware. Victims who posted about SynAck infections in the Bleeping Computer SynAck Help Topic reported infections on Windows Server machines and enterprise networks.

A user who contacted the SynAck author shared the email response he received from the ransomware's operator(s).
************************************************************************************************************************
*The cost of the decoder is $ 2100
*We accept money only in bitcoins since this is the most anonymous currency in the world.
*To buy bitcoins, we recommend using one of these services: https://www.bestchange.comor localbitcoins.com
*To create a purse, this: blockchain.info
*Transfer funds to this address:15n6gV8QUBsy2yh7wqLppWG4Fw4gsUTNAj
*Afte r payment send us a link to the transaction or the address of your wallet and after receiving 3 confirmations we will send you a decoder.
********************************************************************************************************************************

The Bitcoin wallet listed in the email holds 98 Bitcoin in funds, which is over 425,000, at the time of writing. Funds often move in and out of this account, which may be associated with a possible RaaS (Ransomware-as-a-Service) operation, where another group takes its cut and then forwards the rest of the funds to people who rent and distribute the ransomware.