Ransomware Group
Snatch
Also known as: Snatch Ransomware
Status: active • First seen 2018-12 • 200+ known victims
Snatch uses a clever trick: it reboots your computer into Safe Mode so that antivirus can't stop it.
Overview
Snatch is known for rebooting Windows into Safe Mode to bypass security software.
Target Industries
Manufacturing, IT, Defense
How They Attack
- RDP brute force
- Safe Mode boot
- Credential theft
Notable Victims
Volvo Cars (2021)
How to Protect Against Snatch
1. Monitor for Safe Mode reboots
MITRE ATT&CK Techniques