Researchers discover ‘Snatch’ ransomware attack that circumvents endpoint protection on your PC | Tech News

Researchers discover ‘Snatch’ ransomware attack that circumvents endpoint protection on your PC

Snatch is an automated active attack which allows hackers to gain access by abusing remote access services.

| Updated on: Aug 20 2022, 18:53 IST
Sophos discovers a new iteration of Snatch ransomware
Sophos discovers a new iteration of Snatch ransomware (Sophos)

Security researchers have discovered a new ransomware attack which allows cybercriminals to reboot Windows PCs into Safe Mode to bypass protection. Researchers believe the new technique, dubbed as 'Snatch', is aimed at circumventing the endpoint protection which doesn't run in the Safe Mode.

"The ransomware, which calls itself Snatch, sets itself up as a service that will run during a Safe Mode boot. It then quickly reboots the computer into Safe Mode, and in the rarefied Safe Mode environment, where most software (including security software) doesn't run, Snatch encrypts the victims' hard drives," said Sophos Managed Threat Response (MTR) team and SophosLabs researchers in a post.

You may be interested in

MobilesTablets Laptops
Apple iPhone 15 Pro Max
  • Black Titanium
  • 8 GB RAM
  • 256 GB Storage
28% OFF
Samsung Galaxy S23 Ultra 5G
  • Green
  • 12 GB RAM
  • 256 GB Storage
Google Pixel 8 Pro
  • Obsidian
  • 12 GB RAM
  • 128 GB Storage
Apple iPhone 15 Plus
  • Black
  • 6 GB RAM
  • 128 GB Storage

Researchers said they first discovered the Snatch ransomware about one year ago. The ransomware has been active since 2018 summer but the Safe Mode technique is the latest addition.

Also read
Looking for a smartphone? To check mobile finder click here.

"What we refer to as Snatch malware comprises a collection of tooling, which include a ransomware component and a separate data stealer, both apparently built by the criminals who operate the malware; a Cobalt Strike reverse-shell; and several publicly-available tools that aren't inherently malicious, but used more conventionally by penetration testers, system administrators, or technicians," it added.

ALSO READ: 2020 cyberthreat watchlist: Keep an eye out for the rise of deepfakes, ransomware

According to the security experts, Snatch targets insecure IT remote access services such as Remote Desktop Protocol (RDP). The report adds that the ransomware attack is also discussed on the dark web forums.

Security researchers recommend users and enterprises to use newer age technologies such as machine or deep learning to reduce risks from such ransomware attacks. The IT administrators should also identify remote accesses are exposed to the public internet. In the case of compulsory remote access, admins should implement VPN for multi-step authentication.

Catch all the Latest Tech News, Mobile News, Laptop News, Gaming news, Wearables News , How To News, also keep up with us on Whatsapp channel,Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.

First Published Date: 06 Jan, 16:16 IST