Ransomware is software that infects computers in businesses and in homes, then it encrypts files and threatens that unless a ransom is paid (usually by Bitcoin) that the decryption key necessary to restore the files will not be provided. Many people and businesses have been caught out by this and in some cases lost a great deal of money and/or valuable documents, photos etc.
Now, there is a nastier than usual form of this software called Snatch Ransomware.
This ransomware uses a trick to bypass antivirus software and is able to encrypt files without being detected.
The trick they use causes the computer to reboot into safe mode without any anti-virus protection then the ransomware can go about encrypting files without being blocked.
Safe mode on a PC is designed for when the computer is not running correctly and it enables testing, fixing and restore. However, the criminals behind Snatch are using this mode to prevent anti-virus protection running.
The Snatch criminals use legitimate systems tools to access badly protected systems. This is unusual as most ransomware criminals access as quickly as possible, encrypt whatever files can be found and move on.
The number of Snatch victims so far appears to be very small. Coverware is a company that specializes in extortion negotiations between ransomware victims and attackers and they have handled ransom payments for Snatch ransomware infections on 12 occasions between July and October 2019. The payments ranged from $2,000 to $35,000.
Keep your protection up to date.
Do leave a comment on this post – click on the post title then scroll down to leave your comment.