


SynAck Ransomware Uses Doppelganging Technique

May 08, 2018 / eWEEK Staff

Though known since September 2017, SynAck ransomware has a new variant found to be using Process Doppelgänging. According to Kaspersky Lab researchers who discovered the ransomware Trojan bypassing antivirus security by hiding in legitimate processes, this is the first time the Doppelgänging technique has been seen in ransomware in the wild. First presented at the BlackHat Europe conference in December 2017, Process Doppelgänging is a sophisticated technique attackers use to bypass modern security solutions. “The developers behind SynAck also implement other tricks to evade detection and analysis, obfuscating all malware code prior to sample compilation and exiting if signs suggest it is being launched in a sandbox,” Kaspersky Lab wrote in today’s press release. The technique launches what appears to be a legitimate process from the transacted file, though it is actually malicious. Malware developers are known to use custom PE packers that protect the o...