06 January, 2020
Snatch Ransomware evades antivirus by rebooting safe mode
Article: Cyber Security
Cyber security experts track a new version of the Snatch ransomware which reboots compromised Windows computers into Safe Mode only to avoid antivirus and invades user's files 'safely'.
Cyber security experts have tracked a new version of the Snatch ransomware which reboots compromised Windows computers into Safe Mode only to avoid antivirus and invades user's files 'safely'.
Although Snatch was active since the summer of 2018,if not earlier, SophosLabs researchers could spot the Safe Mode enhancement to this ransomware strain not before the recent cyber attacks against various organizations they looked into.
According to the researchers, Snatch ransomware runs in the safe mode because in the diagnostic mode Windows operating system starts with a minimal set of drivers and services without loading most of the third-party startup programs, including antivirus software.
Snatch, apart from being a ransomware is also a data stealer. It is installed with such a powerful data stealing module that it is able to siphon enormous amount of data from an array of organizations whichever its targets.
Though Snatch is written in Go which is the programming language used most widely for cross-platform app development, it is engineered in a way so that it runs only on windows platform. The Snatch designers also work with third party hackers who have underhand entries to organizations with big databases where they collaboratively employ the dreaded Ransomware to wreck havoc. The attackers first intrude into the organization's internal network by brute force or stolen data then execute several legitimate system administrators and penetration testing tools to compromise data bases.
Cove ware, the entity which settles the deal between the victims and the hackers, says they tried coming to a stand with the Snatch makers “on 12 occasions between July and October 2019 on behalf of their clients" with the ransom changing between $2,000 to $35,000 in bitcoins.
To avoid falling prey to Snatch companies are advised not make their critical information go public via the internet and also secure their data bank with strong and multi authentication passwords.
The world of cyber security is a precarious one as it is constantly being bombarded with dark intentions of international hackers. In this risky environment an experienced anti hacking auditing firm helps an organization immensely in overcoming cyber threats. ISOAH has been helping India be a hacking free nation for the longest time.
