Hello, how are you? This time we are going to talk about security in Windows 10. Specifically about the ransomware is known as Snatch. Ransomware is a type of malware whose purpose is to block the use of a computer or part of the information stored on it. This way the user cannot access the data or the computer itself. Consequently, the attacker asks for a monetary ransom in order to be able to access the information. Well, in the last few hours it has transpired that ransomware Snatch has refined its attack mode. The method consists of restarting the PCs you have just infected in safe mode. This a way of booting Windows used to diagnose a problem and resolve software conflicts. Let’s see how the new variant of Snatch ransomware threatens Windows 10.
This is the new Snatch mode.
It does not cease to surprise the evolution of computer attackers to violate the systems. It is well known that during the safe mode, some antivirus programs do not work. In this way, many problems are solved, but there is also a security gap. Snatch programmers have discovered that by using a key in the Windows registry they are able to program the restart in this mode.
It was Sophos Lab’s team that discovered how this new modality works. They declare that it is an effective technique and that it could be copied by other ransomware. For that reason, they made the information public so that preventive measures can be taken in the future. Now, this ransomware has been attacking since 2018. What is new is this safe mode reboot mode. Additionally, it does not attack home users and is not massively propagated by spam campaigns. On the contrary, they carefully choose their targets among large companies and government organizations. However, Snatch is refining its techniques by not only extorting money but also stealing data with the intention of then filtering it online.
We have finally seen how the new variant of Snatch ransomware threatens Windows 10. For that reason, I advise you to redouble your security measures when surfing the Internet. It is always advisable to be aware of the sites you visit and the files you open. All right, that’s it for now. Before saying goodbye I invite you to review our post on Codeblocks in Windows