Snatch: Malware that Bypasses Windows Security Software

Snatch is ransomware that sidesteps endpoint security on Windows 10 by rebooting the machine into Safe Mode before it encrypts anything. It currently targets businesses. The package comprises the Snatch ransomware itself and a separate data-stealer component.

Researchers at Sophos report that the malware was recently modified to bypass Windows 10 security measures. According to their analysis, the Snatch executable forces the infected Windows machine to reboot immediately into Safe Mode before doing anything else; the encryption happens only after that reboot.


Sophos researchers believe the malware is designed this way to circumvent endpoint protection on corporate networks, including most antivirus products, because those agents typically are not started in Safe Mode: Windows loads only a minimal set of drivers and services there, and a third-party service runs only if it has been explicitly registered for Safe Mode.

Cyber-criminals behind the Snatch Malware

Sophos reports that the Snatch malware is the work of a group calling itself the “Snatch Team” on various dark web message forums.

The group has posted adverts seeking “affiliate partners” and intelligence on network access, for use in automated brute-force attacks against exposed services.

Snatch Team Motives

The Snatch Team appears to target corporate networks only, not consumers. Their adverts on dark web boards seeking affiliate partners and vulnerable systems support this.

Snatch operators look for exposed services such as Remote Desktop Protocol (RDP) and brute-force their way in. RDP is the same attack surface as the BlueKeep vulnerability (CVE-2019-0708) we’ve discussed before, although the Snatch intrusions described by Sophos relied on guessed or reused credentials rather than on that flaw.

Attacks have targeted organizations in the U.S., Canada, and several European countries. Going after corporate institutions rather than home users helps the Snatch Team fly under the radar.

What does the malware do on Windows 10?

The Snatch malware is particularly thorough. Beyond the usual ransomware behavior of encrypting files, Snatch deletes all Volume Shadow Copies so the originals cannot be restored from Windows’ built-in snapshots.

It also exfiltrates large volumes of data from target organizations through the data-stealer component mentioned above.

On top of that, the operators have been observed installing surveillance software on machines in a compromised network.
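Both the Safe Mode reboot described at the top of the article and the shadow-copy deletion described in this section leave very visible traces in process-creation telemetry, which is where a detection should live since the endpoint agent itself may not survive the reboot. The following is an added example written for this page, not code from Sophos or from the Snatch authors: a small rule set run over constructed Sysmon Event ID 1 style records. The host names, the command lines and the service name "ExampleSvc" are made up for the example; the commands themselves (bcdedit /set safeboot, vssadmin delete shadows, a forced shutdown /r, a service registered under the SafeBoot registry key) are the generic Windows mechanisms for booting into Safe Mode and wiping snapshots.

```python
import re
from collections import defaultdict

# Constructed process-creation records in the shape of Sysmon Event ID 1
# (or Windows Security 4688): host, image, command line. They are sample
# data written for this example, not telemetry from a real Snatch case;
# "ExampleSvc" is a hypothetical service name.
SAMPLE_EVENTS = [
    {"host": "WS01", "image": r"C:\Windows\System32\bcdedit.exe",
     "cmdline": "bcdedit /set {current} safeboot minimal"},
    {"host": "WS01", "image": r"C:\Windows\System32\vssadmin.exe",
     "cmdline": "vssadmin delete shadows /all /quiet"},
    {"host": "WS01", "image": r"C:\Windows\System32\shutdown.exe",
     "cmdline": "shutdown /r /f /t 00"},
    {"host": "WS02", "image": r"C:\Windows\System32\bcdedit.exe",
     "cmdline": "bcdedit /enum"},                      # benign: read-only
    {"host": "WS02", "image": r"C:\Windows\System32\vssadmin.exe",
     "cmdline": "vssadmin list shadows"},              # benign: read-only
    {"host": "WS03", "image": r"C:\Windows\System32\reg.exe",
     "cmdline": r"reg add HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ExampleSvc"
                r" /ve /t REG_SZ /d Service /f"},
]

# Each rule matches one step of the Safe Mode bypass or the recovery
# sabotage. The patterns are deliberately narrow: "bcdedit /enum" and
# "vssadmin list shadows" are everyday admin commands and must not fire,
# and "bcdedit /deletevalue safeboot" is the cleanup, not the attack.
RULES = {
    # Boot Configuration Data told to boot Safe Mode on the next start
    "safeboot_set": re.compile(r"\bbcdedit(\.exe)?\b.*?/set\b.*\bsafeboot\b", re.I),
    # Volume Shadow Copies wiped, via vssadmin or WMI
    "shadow_delete": re.compile(
        r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b|\bwmic(\.exe)?\b.*\bshadowcopy\s+delete\b",
        re.I),
    # A service registered to start under Safe Mode (Minimal or Networking)
    "safeboot_service": re.compile(r"\\SafeBoot\\(Minimal|Network)\\", re.I),
    # Forced restart that completes the sequence
    "forced_reboot": re.compile(r"\bshutdown(\.exe)?\b.*\s[/-]r\b", re.I),
}


def match_rules(event):
    """Return the names of all rules whose pattern hits this command line."""
    return [name for name, rx in RULES.items() if rx.search(event["cmdline"])]


def scan(events):
    """Return (hits, hosts): every rule hit as (host, rule, cmdline), plus the
    hosts where a Safe Mode boot was configured *and* a reboot was forced,
    which is the combination that matters more than any single command."""
    hits = []
    rules_by_host = defaultdict(set)
    for ev in events:
        for rule in match_rules(ev):
            hits.append((ev["host"], rule, ev["cmdline"]))
            rules_by_host[ev["host"]].add(rule)
    hosts = sorted(h for h, rules in rules_by_host.items()
                   if {"safeboot_set", "forced_reboot"} <= rules)
    return hits, hosts


if __name__ == "__main__":
    hits, hosts = scan(SAMPLE_EVENTS)
    for host, rule, cmdline in hits:
        print(f"{host}: {rule}: {cmdline}")
    print("Safe Mode reboot sequence on:", hosts)
```

On a live host the corresponding state check is `bcdedit /enum {current}` showing a `safeboot` entry that nobody set on purpose, or an unfamiliar service key under HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal. Ship the process-creation events off the box before they are needed: once the machine is in Safe Mode the agent that would normally forward them may not be running.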

How to Protect Your PC Against the Snatch Malware

Snatch runs on most versions of Windows in use today, including Windows 7 in both 32-bit and 64-bit editions. To protect your organization’s network:

  • Don’t expose RDP to the internet; it is the entry point the Snatch Team advertises for.
  • Require multi-factor authentication for every account with admin privileges.
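The brute-force RDP access described under Snatch Team Motives, and the first mitigation above, can both be checked for in Windows logon telemetry: a burst of failed logons against RDP from one source address is the brute force, and a source address outside your own ranges is proof that RDP is reachable from the internet. The following is an added example written for this page, not code from Sophos or from this article: a sliding-window detector over constructed Security Event 4625 style records. The organization's internal ranges, the timestamps, the account names and the source addresses are all made up for the example.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Address ranges this (hypothetical) organization treats as internal:
# RFC 1918 space plus loopback. Adjust to your own allocations.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

BASE = datetime(2019, 12, 10, 3, 0, 0)


def _ev(secs, account, src_ip, logon_type=10):
    """Build one constructed record in the shape of Security Event 4625.
    Logon type 10 is RemoteInteractive (RDP); type 3 is Network, which RDP
    with Network Level Authentication also produces on failure."""
    return {"time": BASE + timedelta(seconds=secs), "account": account,
            "src_ip": src_ip, "logon_type": logon_type}


# Constructed sample data for this example, not a real event log.
SAMPLE_LOGONS = (
    # six failures in under a minute from one public address, cycling admin names
    [_ev(10 * i, ["Administrator", "admin"][i % 2], "203.0.113.45") for i in range(6)]
    # a slow trickle from another public address: one failure every ten minutes
    + [_ev(600 * i, "Administrator", "198.51.100.7") for i in range(6)]
    # an internal user mistyping a password twice
    + [_ev(0, "jdoe", "10.0.0.5"), _ev(30, "jdoe", "10.0.0.5")]
    # a console (type 2) failure: not RDP, so ignored
    + [_ev(5, "jdoe", "127.0.0.1", logon_type=2)]
)


def is_internal(ip):
    """True if the source address falls inside the organization's own ranges.
    Python's ip_address().is_private is deliberately not used: it also counts
    the documentation ranges (such as 203.0.113.0/24) as private."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def detect_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Sliding window per source IP over RDP-relevant failed logons.
    Alert when at least `threshold` failures fall inside `window`; a slow
    trickle below that rate is not reported, so tune both to your logs."""
    by_src = defaultdict(list)
    for ev in events:
        if ev["logon_type"] in (3, 10):
            by_src[ev["src_ip"]].append(ev)
    alerts = []
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["time"])
        start = 0
        for end in range(len(evs)):
            while evs[end]["time"] - evs[start]["time"] > window:
                start += 1
            if end - start + 1 >= threshold:
                alerts.append({
                    "src_ip": src,
                    "count": len(evs),
                    "accounts": sorted({e["account"] for e in evs}),
                    # an external source means RDP is reachable from the internet,
                    # which is exactly the exposure the first bullet above rules out
                    "external": not is_internal(src),
                })
                break
    return sorted(alerts, key=lambda a: a["src_ip"])


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOGONS):
        print(alert)
```

The slow trickle from the second public address is not alerted on by this rule, and that is the point worth noticing: an operator who spaces attempts out will stay below any fixed rate threshold, so the `external` flag on any RDP failure at all is the finding that should drive the "don’t expose RDP" fix, independent of the count.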

While the malware currently targets corporate users, home users should prepare as well, by applying the same basics that apply to businesses: keep Windows and all installed software patched, and keep antivirus definitions current.
