Snatch is a lesser-known ransomware group, but the warning from the authorities suggests it is worth taking seriously.
The cybercriminals behind Snatch specialize in “double extortion,” which means they not only encrypt your data but also exfiltrate it and threaten to publish or sell it if their extortion demands are not met.
Snatch has targeted various sectors related to critical infrastructure, including the defense industry, food and agriculture, and the IT sector.
The group has been operating since 2018, using command-and-control servers hosted in Russia and exploiting weaknesses in Remote Desktop Protocol and stolen passwords to gain access to victims’ networks.
Snatch has been increasing its attacks recently, and the group has even purchased data stolen by other ransomware gangs to further exploit victims.
To protect your business from ransomware attacks like Snatch, it is important to follow safe computing practices such as making secure offsite backups, using up-to-date security solutions, implementing network segmentation, using strong passwords and multi-factor authentication, encrypting sensitive data, disabling unnecessary functionality, and educating staff about the risks and methods used by cybercriminals.
Taking ransomware threats seriously is crucial to avoid costly consequences for your organization.
Key Points:
– The FBI and CISA have issued a warning about a ransomware group called Snatch.
– Snatch specializes in “double extortion”: encrypting data and exfiltrating it, then threatening to publish or sell it if extortion demands are not met.
– The group targets critical infrastructure sectors, including defense, food and agriculture, and IT.
– Snatch has been operating since 2018 and uses Remote Desktop Protocol weaknesses and stolen passwords to gain access.
– The group has recently stepped up its attacks and purchased data stolen by other ransomware gangs.
– To protect your business, follow safe computing practices and educate staff about the risks of ransomware.