Sequretek Advisory - Snatch Ransomware

Snatch Ransomware uses Windows Safe Mode and privileged service to bypass AV tools.

Snatch is a ransomware-as-a-service operation, and its affiliates have compromised a range of critical infrastructure sectors, including defense industrial base companies, food and agriculture, and IT firms.

This ransomware will force Windows to reboot in Safe Mode (where most of the software and system drivers will not be running) in order to perform the file encryption process.

Similar to the other variants of ransomware, it will also perform the deletion of volume shadow copies to ensure all the data cannot be restored easily.

Sign Up Here for Download