Snatch: a new ransomware stalks Windows computers by taking advantage of Safe Mode
Windows PC security is in the news again thanks to research by security specialists at Sophos, who have identified a new attack that abuses a Windows feature to bypass the security software installed on the PC.
Specifically, it abuses Safe Mode. The threat is a ransomware named Snatch, which locks the computer and forces it to restart in Safe Mode, where the machine is more exposed than ever because security software is usually not running.
Safe Mode… not so safe
Snatch does not rely on a specific flaw in the computer's software; instead it chains a series of techniques to infect the PC and then demand a ransom from the victim. Sophos says it has seen this attack 12 times over the last 3 months.
Once the computer enters Safe Mode, Snatch encrypts the information stored on the PC and then demands a ransom, payable in bitcoin. According to the researchers who discovered it, the ransom demanded typically ranges from $2,999 to $51,000.
According to Sophos, Snatch can run on the most common versions of Windows, from Windows 7 to Windows 10, in both 32-bit and 64-bit editions. Systems other than Windows appear to be unaffected. To help avoid a possible infection, they give a series of tips:
- To begin with, they warn companies not to expose the Remote Desktop interface to the unprotected Internet and, if remote access is necessary, to use a VPN.
- They also single out other remote access services, such as VNC and TeamViewer.
- Another interesting step is to implement two-factor authentication for users with administrative privileges, which makes it harder for attackers to brute-force those accounts' credentials.
Finally, they recommend that companies keep a regular and thorough inventory of the devices connected to their network, since in the cases observed Snatch was executed only after several days in which the intrusion went undetected.
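The tips above can be turned into a quick read-only audit of a Windows host. The script below is an added example written for this article, not code from Sophos or from the original post: it reports whether Remote Desktop is enabled and reachable from any address, which remote-access ports are listening (3389 for RDP, 5900 for VNC and 5938 for TeamViewer are assumed default ports), which accounts hold local administrator rights and therefore should be behind two-factor authentication, and which services are registered to start in Safe Mode from a binary outside the Windows directory, along with whether the boot configuration is currently forced into Safe Mode. It assumes PowerShell 5.1 or later with the NetSecurity and LocalAccounts modules, run from an elevated session.

```powershell
# Added example (not from the article or from Sophos): read-only audit of the
# exposure points the article's tips describe and of the Safe Mode boot path
# that Snatch abuses. Run in an elevated PowerShell 5.1+ session.

function Get-RdpExposure {
    $ts  = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $tcp = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    # Enabled firewall rules in the Remote Desktop group whose remote address is unrestricted
    $openRules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Enabled True -ErrorAction SilentlyContinue |
        Where-Object { (Get-NetFirewallAddressFilter -AssociatedNetFirewallRule $_).RemoteAddress -contains 'Any' }
    [pscustomobject]@{
        RdpEnabled        = ($ts.fDenyTSConnections -eq 0)
        NlaRequired       = ($tcp.UserAuthentication -eq 1)
        ListenPort        = $tcp.PortNumber
        FirewallOpenToAny = (@($openRules).Count -gt 0)
    }
}

function Get-RemoteAccessListeners {
    # Assumed default ports for the remote-access services named in the article
    $watch = @{ 3389 = 'RDP'; 5900 = 'VNC'; 5938 = 'TeamViewer' }
    Get-NetTCPConnection -State Listen |
        Where-Object { $watch.ContainsKey([int]$_.LocalPort) } |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Service   = $watch[[int]$_.LocalPort]
                LocalPort = $_.LocalPort
                Address   = $_.LocalAddress      # 0.0.0.0 or :: means every interface
                Process   = $proc.ProcessName
            }
        }
}

function Get-AdminAccounts {
    # Accounts that the two-factor authentication advice applies to
    Get-LocalGroupMember -Group 'Administrators' |
        Select-Object Name, ObjectClass, PrincipalSource
}

function Get-SafeModeFindings {
    # Services allowed to start in Safe Mode whose binary is not under the Windows directory.
    # SafeBoot\Minimal and SafeBoot\Network list the services and drivers Windows loads
    # in the two Safe Mode variants; entries that are class GUIDs rather than service
    # names have no matching Services key and are skipped.
    $findings = foreach ($mode in 'Minimal', 'Network') {
        Get-ChildItem "HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\$mode" -ErrorAction SilentlyContinue |
            ForEach-Object {
                $svc = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\$($_.PSChildName)" -ErrorAction SilentlyContinue
                if ($svc -and $svc.ImagePath -and
                    $svc.ImagePath -notmatch '^(\\\?\?\\)?"?(%SystemRoot%|\\SystemRoot|system32\\|C:\\Windows\\)') {
                    [pscustomobject]@{ Mode = $mode; Entry = $_.PSChildName; ImagePath = $svc.ImagePath }
                }
            }
    }
    # A "safeboot" line in the current boot entry means the next restart lands in Safe Mode
    $bcd = & bcdedit /enum '{current}' 2>$null
    [pscustomobject]@{
        SafeBootForced            = [bool]($bcd | Select-String -Pattern '^\s*safeboot' -Quiet)
        NonWindowsSafeBootEntries = @($findings)
    }
}

$report = [ordered]@{
    RemoteDesktop = Get-RdpExposure
    Listeners     = @(Get-RemoteAccessListeners)
    Admins        = @(Get-AdminAccounts)
    SafeMode      = Get-SafeModeFindings
}
$report | ConvertTo-Json -Depth 4
```

Anything reported with RdpEnabled and FirewallOpenToAny both true, a listener bound to 0.0.0.0, a non-Windows SafeBoot entry, or SafeBootForced set is worth a closer look; the script only reads registry, firewall and socket state and changes nothing.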
Source: Life Hacker. More information: Sophos.