Ransomware
Snatch
First seen: 2018-12 • Status: active
Currently Active Threat
Snatch is clever - it restarts your computer into Safe Mode where antivirus does not work, then encrypts all your files.
Overview
Snatch ransomware reboots Windows into Safe Mode to evade security software before encrypting files.
Also Known As
Snatch Team
How It Spreads
- • RDP brute force
- • Valid credentials
What It Does
- • Safe Mode evasion
- • File encryption
- • Data theft
Is your business exposed?
Target Platforms
Windows
Detection Tips
- • Monitor for Safe Mode boots
- • Watch for Snatch TTPs
MITRE ATT&CK Techniques
T1486, T1562
If You're Infected
- 1.
Secure RDP access
- 2.
Enable Safe Mode protections
Is your business exposed?
Check if your company data is circulating on the dark web
Free scan • No credit card required