When it comes to the world of cybersecurity, the FBI and CISA have a reputation for issuing timely alerts, especially when the threat severity is high. Their latest warning revolves around the notorious Snatch ransomware-as-a-service gang.
In their advisory, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) shed light on Snatch, a ransomware-as-a-service operation that has been active since 2018. Over the years, Snatch has homed in on various sectors, including software, U.S. defense, food, and agriculture.
This criminal syndicate has garnered notoriety by executing high-profile attacks on entities such as South Africa’s Department of Defense, the City of Modesto in California, Saskatchewan Airport in Canada, and London’s Briars Group, among others.
What sets Snatch apart is its menacing practice of double extortion. In addition to encrypting victim data, they manage to acquire stolen data from other ransomware gangs. They then issue a chilling ultimatum to their victims: comply with their ransom demands or witness their sensitive data being exposed on an extortion blog.
One particularly intriguing aspect of Snatch is its technical prowess. The malware is designed to force infected Windows systems into Safe Mode before encrypting files. This clever tactic hinders the timely detection of the malware by anti-malware solutions.
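One way to detect the Safe Mode tactic described above from process-creation logs, as an added example that is not part of the original article or the advisory. It assumes the switch is staged through the standard Windows mechanisms (the `bcdedit` `safeboot` value or a write under the `SafeBoot` registry key), which the article does not specify; the event fields, hostnames, timestamps and the `ExampleSvc` name are constructed.

```python
import re
from datetime import datetime, timedelta

# Command-line patterns. Assumption: a Safe Mode boot is staged through the standard
# Windows mechanisms (bcdedit "safeboot" value, SafeBoot registry key).
RULES = {
    "safeboot_bcd": re.compile(r"\bbcdedit(\.exe)?\b.*/set\b.*\bsafeboot\b", re.I),
    "safeboot_reg": re.compile(r"\breg(\.exe)?\s+add\b.*\\Control\\SafeBoot\\", re.I),
    "restart": re.compile(r"\bshutdown(\.exe)?\b.*\s[/-]r\b", re.I),
}

def classify(cmdline):
    """Return the name of the first rule matching a command line, or None."""
    return next((name for name, rx in RULES.items() if rx.search(cmdline)), None)

def find_safe_mode_staging(events, window=timedelta(minutes=10)):
    """Alert when a host stages a Safe Mode boot and restarts within `window`."""
    alerts, pending = [], {}  # pending: host -> [(time, rule)] staging events seen so far
    for ev in sorted(events, key=lambda e: e["time"]):
        hit = classify(ev["cmdline"])
        if hit in ("safeboot_bcd", "safeboot_reg"):
            pending.setdefault(ev["host"], []).append((ev["time"], hit))
        elif hit == "restart":
            recent = {r for t, r in pending.pop(ev["host"], []) if ev["time"] - t <= window}
            if recent:
                alerts.append({"host": ev["host"], "restart": ev["time"],
                               "indicators": sorted(recent)})
    return alerts

def event(host, ts, cmdline):
    return {"host": host, "time": datetime.fromisoformat(ts), "cmdline": cmdline}

# Constructed process-creation events; ExampleSvc is a placeholder service name.
SAMPLE_EVENTS = [
    event("WS-014", "2023-09-21T10:02:11", r"bcdedit.exe /set {current} safeboot minimal"),
    event("WS-014", "2023-09-21T10:02:13",
          r"reg add HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ExampleSvc /ve /d Service /f"),
    event("WS-014", "2023-09-21T10:02:20", r"shutdown.exe /r /f /t 00"),
    # Admin removing the safeboot value, then rebooting: must not alert.
    event("WS-022", "2023-09-21T09:15:00", r"bcdedit.exe /deletevalue {current} safeboot"),
    event("WS-022", "2023-09-21T09:15:30", r"shutdown.exe /r /t 0"),
    # Ordinary reboot with no staging: must not alert.
    event("WS-031", "2023-09-21T08:00:00", r"shutdown.exe /r /t 60"),
]

if __name__ == "__main__":
    for alert in find_safe_mode_staging(SAMPLE_EVENTS):
        print(alert)
```

The ten-minute window is a tuning choice; a staging event with no restart behind it still merits a lower-severity alert, since the host will enter Safe Mode on its next boot.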
Notably, Snatch has recently deviated from its established pattern. It is now showing a keen interest in targeting non-American companies operating within the United States, with a pronounced focus on entities from the Asian continent. This shift underscores the evolving nature of cyber threats in an increasingly interconnected world.