What is the Snatch Ransomware?

Researchers have discovered a new strain of the Snatch ransomware, which reboots Windows PCs in Safe Mode to bypass antivirus software.

First appearing at the end of 2018, the Snatch ransomware is a crypto virus that attacks high-profile targets like the hosting provider SmarterASP.net. But a new strain of Snatch has appeared in the wild, and it's unique. Hackers are constantly looking for new ways to distribute ransomware, but genuinely novel techniques are few and far between. The trick employed here is to reboot the user's machine into Safe Mode and then encrypt the files. This works because some antivirus packages do not start in Safe Mode. The authors of the Snatch ransomware discovered that they could use a Windows registry key to boot into Safe Mode, allowing the ransomware to run without the risk of being detected by antivirus software.
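A defender can hunt for the registry change described above. The following is an added example, not code from the original article or from the researchers who analysed Snatch. It assumes the key involved is the Windows SafeBoot key, which lists the drivers and services allowed to load in Safe Mode. The events, the baseline and the JSON field names (loosely modelled on Sysmon registry events 12 and 13) are constructed for illustration.

```python
import json
import re
from collections import defaultdict

# Value or key writes under ...\Control\SafeBoot\{Minimal|Network}\<entry>,
# for CurrentControlSet and the numbered ControlSet00N copies alike.
SAFEBOOT_RE = re.compile(
    r"\\SYSTEM\\(?:CurrentControlSet|ControlSet\d{3})\\Control\\SafeBoot\\"
    r"(Minimal|Network)\\([^\\]+)", re.IGNORECASE)

# Constructed baseline of entries the defender has already approved.
BASELINE = {"vss", "eventlog", "approved_edr_agent"}

# Constructed sample events, one JSON object per line (not real telemetry).
SAMPLE_LOG = r"""
{"host":"ws-01","event_id":13,"image":"C:\\Windows\\System32\\services.exe","target":"HKLM\\System\\CurrentControlSet\\Control\\SafeBoot\\Minimal\\VSS\\(Default)"}
{"host":"ws-02","event_id":13,"image":"C:\\Users\\Public\\upd.exe","target":"HKLM\\SYSTEM\\ControlSet001\\Control\\SafeBoot\\Minimal\\ExampleSvc\\(Default)"}
{"host":"ws-02","event_id":13,"image":"C:\\Users\\Public\\upd.exe","target":"HKLM\\Software\\Example\\Setting"}
{"host":"ws-03","event_id":1,"image":"C:\\Windows\\explorer.exe","target":""}
line damaged by a truncated export
"""

def find_safeboot_additions(log_text, baseline=BASELINE):
    """Return {host: [(mode, entry, writing_image), ...]} for unapproved writes."""
    findings = defaultdict(list)
    for line in log_text.splitlines():
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank or damaged line: skip it and keep hunting
        if not isinstance(ev, dict) or ev.get("event_id") not in (12, 13):
            continue  # only registry create (12) and value-set (13) events
        m = SAFEBOOT_RE.search(ev.get("target", ""))
        if not m or m.group(2).lower() in baseline:
            continue
        hit = (m.group(1).capitalize(), m.group(2), ev.get("image", "?"))
        host = ev.get("host", "?")
        if hit not in findings[host]:  # collapse repeated writes
            findings[host].append(hit)
    return dict(findings)

if __name__ == "__main__":
    for host, hits in find_safeboot_additions(SAMPLE_LOG).items():
        for mode, entry, image in hits:
            print(f"{host}: SafeBoot\\{mode}\\{entry} written by {image}")
```

A hit means something new has been allowed to start in Safe Mode on that host, which is worth triage before the next reboot.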

After the files are encrypted, the Snatch ransomware drops a ransom note in the form of a text file named Readme_Restore_Files.txt, demanding between 1 and 5 Bitcoin in return for the decryption key. For reference, 1 Bitcoin is currently worth around £5,573. The Snatch ransomware initially targeted regular users with spam emails, but since March 2019 it has targeted corporations instead, sometimes naming the ransom notes with the company's name.

Files encrypted by the Snatch ransomware are not currently decryptable, as the malware developers use sophisticated AES encryption. If your machine has become infected with the Snatch ransomware and your files have been encrypted, your best course of action is to restore your files from a recent backup. Paying the ransom not only encourages this increasingly lucrative strand of cyber criminality, but there's also no guarantee you'll get your data back at all. If you don't have an up-to-date backup, there isn't a lot you can do other than sit on your data until security experts create a decrypter for the Snatch ransomware, which could take years.

To protect yourself from ransomware attacks, avoid opening email attachments from untrusted sources, especially emails that have been sent to your Junk folder. Always download software from trusted sources.
