
Windows security can be bypassed by Snatch ransomware



If your business or home PCs run the Windows 10 operating system (OS), you should be careful of Snatch, a new strain of ransomware that can easily bypass its security protections. Discovered by a research team at Sophos, this malware slips past Windows 10’s security software by rebooting your computer into Safe Mode, where security programs are prevented from starting.


Who’s behind the Snatch ransomware?

According to the report released by Sophos, the threat actors responsible for the Snatch ransomware call themselves the Snatch Team on dark web message forums. The researchers observed this team posting appeals for affiliate partners on Russian-language message forums. The cybercriminal group is looking to purchase network access intelligence so that it can launch automated brute-force attacks against unsuspecting enterprises.


What does Snatch do?

When this malware infects your computer, it installs a Windows service called SuperBackupMan. Once SuperBackupMan is executed, the attackers use administrator access to run the BCDEDIT tool and force your computer to restart in Safe Mode. After the restart, Snatch uses the Windows command vssadmin.com to erase all the Volume Shadow Copies on your system, which prevents you from recovering the files locked by the ransomware.
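As an added detection-side example (not from the article or from Sophos), the following Python sketch flags the three behaviours described above in constructed Windows event records: the SuperBackupMan service installation, a bcdedit change to the safeboot setting, and shadow-copy deletion via vssadmin. The field names and sample lines are assumptions modelled on Sysmon process-creation events and the System event log's "service installed" record.

```python
import re
from collections import defaultdict

# Constructed sample telemetry (not from the Sophos report): one Windows
# System-log 7045 "service installed" record and several Sysmon process-
# creation records (EventID 1), each flattened to a single key=value line.
SAMPLE_EVENTS = [
    "Host=WS01 EventID=7045 ServiceName=SuperBackupMan ImagePath=C:\\Users\\Public\\sbm.exe",
    "Host=WS01 EventID=1 Image=C:\\Windows\\System32\\bcdedit.exe CommandLine=bcdedit /set {default} safeboot minimal",
    "Host=WS01 EventID=1 Image=C:\\Windows\\System32\\vssadmin.exe CommandLine=vssadmin delete shadows /all /quiet",
    # Routine administration on another host: only one of the three behaviours.
    "Host=WS02 EventID=1 Image=C:\\Windows\\System32\\vssadmin.exe CommandLine=vssadmin delete shadows /for=C: /oldest",
    "Host=WS02 EventID=1 Image=C:\\Windows\\System32\\bcdedit.exe CommandLine=bcdedit /enum",
]

# A value runs until the next " Key=" token or end of line, so command lines keep their spaces.
FIELD_RE = re.compile(r"(\w+)=(.*?)(?= \w+=|$)")

def parse_event(line):
    """Turn one flattened key=value record into a dict."""
    return dict(FIELD_RE.findall(line))

def classify(event):
    """Map an event to the Snatch behaviour it matches, or None."""
    eid = event.get("EventID")
    # Matching the service name is the weakest signal: a name is trivial to change.
    if eid == "7045" and event.get("ServiceName", "").lower() == "superbackupman":
        return "service_install"
    if eid == "1":
        image = event.get("Image", "").lower()
        cmd = event.get("CommandLine", "").lower()
        # bcdedit altering the safeboot setting (the forced Safe Mode reboot).
        if image.endswith("bcdedit.exe") and "safeboot" in cmd:
            return "safeboot_set"
        # vssadmin removing shadow copies (destroys the local recovery path).
        if image.endswith("vssadmin.exe") and "delete" in cmd and "shadows" in cmd:
            return "shadow_delete"
    return None

def score_hosts(lines):
    """Collect matched behaviours per host; the full three-step chain is rated critical."""
    seen = defaultdict(set)
    for line in lines:
        event = parse_event(line)
        tag = classify(event)
        if tag:
            seen[event.get("Host", "unknown")].add(tag)
    return {host: ("critical" if len(tags) == 3 else "suspicious")
            for host, tags in seen.items()}
```

Running `score_hosts(SAMPLE_EVENTS)` rates WS01 critical (all three behaviours) and WS02 merely suspicious (a lone shadow-copy deletion, which legitimate housekeeping also produces), so the single-event rules are best treated as triage signals and the chain as the alert.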

Aside from encrypting your data, Snatch can also install surveillance software and steal important business and personal information.



The severity of the risk posed by Snatch is something you should not ignore. Building a solid and secure network is not enough to protect your business from ransomware. Hackers are always looking for new ways to gain access to your system, which is why your security software solutions, backups, strategy, and training should adapt and keep up. VortexShield's home and business endpoint security with monitoring and response is a good start at protecting your home or business. If you want to learn more about how we can protect your network security, contact us today.
