SynAck has been around since September 2017, but the new variant has added functions that let it operate below the radar.
It uses the Process Doppelgänging technique, in which malicious code is disguised as a legitimate Windows process. The technique was demonstrated at the Black Hat Europe security conference in December 2017 by the firm enSilo.
In describing the technique, enSilo said: "(It) allows bypassing real-time file scanning of all tested AV and NGAV products on Microsoft Windows starting from Windows Vista."
They said the ransomware used Process Doppelgänging to avoid being detected by security software.
The new variant was also compiled with additional code to make decompilation and reverse engineering more difficult.
On infected systems, the ransomware at times adds custom text to the Windows log-on screen (screenshot above).
Screenshot: courtesy Kaspersky Lab