
CISA and FBI Alert: Snatch Ransomware Threats


The U.S. Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the Federal Bureau of Investigation (FBI), has released a security advisory concerning the Snatch ransomware. The warning is part of their #StopRansomware initiative and details the active ransomware operation's tactics, techniques, and procedures (TTPs) and its indicators of compromise (IOCs), with the goal of better equipping organizations against such threats.

Though Snatch emerged in 2018, the information shared by CISA and the FBI is fairly recent, with some findings dating from as recently as early June of this year. According to the alert, Snatch operates on a ransomware-as-a-service basis, allowing various cybercriminal groups to use its encryption tooling and infrastructure for their own campaigns.

The actors behind Snatch have continuously adapted their strategies. Nevertheless, their core approach has remained consistent with common cybercriminal practice: first they exfiltrate and encrypt crucial data, then they demand a ransom both for a decryption key and for assurance that the stolen data will not be leaked on the dark web.

Both the FBI and CISA are urging entities to heed the mitigation measures highlighted in their advisory to diminish the risks and consequences of such ransomware incidents.

In a noteworthy finding from December 2019, Snatch ransomware was observed rebooting infected systems into Safe Mode to evade security defenses. The tactic was identified by the Sophos Managed Threat Response and SophosLabs teams, who pointed out that security mechanisms are typically inactive in Safe Mode, allowing Snatch to encrypt files unhindered.
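The Safe Mode trick above has a visible footprint before the reboot: the boot configuration or the SafeBoot service allow-list has to be changed, and then the machine is forced to restart. The following is an added example (not code from the advisory, Sophos, or this site) showing how a defender can scan process-creation logs for that sequence; the log format, the sample lines, and the detection rules are all constructed assumptions for illustration.

```python
import re
from dataclasses import dataclass

# Constructed sample process-creation log (not real telemetry):
# "<timestamp> <host> <parent> -> <image> <command line>"
SAMPLE_LOG = """\
2023-09-20T02:11:04Z ws-17 explorer.exe -> notepad.exe notepad.exe C:\\Users\\a\\notes.txt
2023-09-20T02:14:37Z ws-17 cmd.exe -> bcdedit.exe bcdedit /set {default} safeboot minimal
2023-09-20T02:14:38Z ws-17 cmd.exe -> reg.exe reg add HKLM\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\Minimal\\svcx /ve /d Service /f
2023-09-20T02:14:40Z ws-17 cmd.exe -> shutdown.exe shutdown /r /f /t 00
2023-09-20T02:30:00Z ws-18 services.exe -> svchost.exe svchost.exe -k netsvcs
"""

# Assumed rules for the Safe Mode reboot technique (generic, not Snatch IOCs).
RULES = [
    ("safeboot-bcd-change", re.compile(r"\bbcdedit(\.exe)?\b.*\bsafeboot\b", re.I)),
    ("safeboot-service-allowlist", re.compile(r"\breg(\.exe)?\s+add\b.*\\SafeBoot\\(Minimal|Network)\\", re.I)),
    ("forced-reboot", re.compile(r"\bshutdown(\.exe)?\b.*(/r|-r)\b.*(/f|-f)\b", re.I)),
]

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+(?P<parent>\S+)\s+->\s+(?P<image>\S+)\s+(?P<cmd>.*)$")

@dataclass
class Hit:
    host: str
    ts: str
    rule: str
    cmd: str

def scan(log: str) -> list[Hit]:
    """Return every log line whose command line matches one of the rules, in log order."""
    hits: list[Hit] = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed format
        for name, rx in RULES:
            if rx.search(m["cmd"]):
                hits.append(Hit(m["host"], m["ts"], name, m["cmd"]))
    return hits

def escalate(hits: list[Hit]) -> set[str]:
    """Hosts where a safeboot change is followed by a forced reboot.
    A lone bcdedit call can be legitimate admin work; the pair is what warrants escalation."""
    armed: set[str] = set()
    flagged: set[str] = set()
    for h in hits:
        if h.rule.startswith("safeboot-"):
            armed.add(h.host)
        elif h.rule == "forced-reboot" and h.host in armed:
            flagged.add(h.host)
    return flagged
```

Because the endpoint's own security tooling may be gone after the reboot, the point of this check is to alert on the preparation step while those sensors are still running.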

Recent victims of Snatch, as reported by SiliconANGLE, include the Florida Department of Veterans' Affairs, Zilli, CEFCO Inc., the South African Department of Defense, and Briars Group Ltd.

Lastly, Michael Mumcuoglu, CEO of the security posture management firm CardinalOps Ltd., told the same publication that Snatch's activity had surged significantly over the preceding 18 months.

About this post

Posted: 2023-09-21
By: dwirch

Categories

Security

News
