
Ransomware Bypasses Antivirus with Innovative New Tactics

December 20, 2019


Researchers at SophosLabs have discovered a new threat to be on the alert for: a variant of the Snatch ransomware. This antivirus evasion ransomware uses innovative tactics to bypass traditional security measures, making it a significant concern for organizations and individuals alike.

How Snatch Bypasses Antivirus Software

Disguised as a backup utility, this antivirus evasion ransomware forces the infected Windows PC to reboot in Safe Mode during installation. This tactic is effective because, in Safe Mode, the machine operates with a limited set of drivers and capabilities, which do not include antivirus software. Without antivirus protection running, the ransomware installs undetected. Once installed, Snatch encrypts the files on the system, rendering them unusable.

Additional Threats Posed by Snatch

Snatch doesn't stop at encrypting files. It also attempts to delete all Volume Shadow Copies on the system, so the encrypted files cannot be restored from those snapshots. To make matters worse, the malware roots through the system, stealing a wide range of data files and sending them to a command and control server. This dual threat of encrypting and exfiltrating data makes Snatch a dangerous example of antivirus evasion ransomware.
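Both behaviours described above, the reboot into Safe Mode and the deletion of Volume Shadow Copies, leave traces in process-creation telemetry before any files are encrypted. The following is an added detection example, not code from the article or from SophosLabs: it runs two simple rules over constructed Sysmon-style event lines (the field layout and all sample values are assumptions) and flags the boot-loader change and shadow-copy deletion while leaving benign administration alone.

```python
import re

# Constructed Sysmon-style process-creation events (not real telemetry);
# each line is a set of "Key=Value" fields separated by " | ".
SAMPLE_EVENTS = [
    "Image=C:\\Windows\\System32\\bcdedit.exe | CommandLine=bcdedit /set {current} safeboot minimal",
    "Image=C:\\Windows\\System32\\vssadmin.exe | CommandLine=vssadmin delete shadows /all /quiet",
    "Image=C:\\Windows\\System32\\wbem\\WMIC.exe | CommandLine=wmic shadowcopy delete",
    "Image=C:\\Windows\\System32\\bcdedit.exe | CommandLine=bcdedit /enum",
    "Image=C:\\Program Files\\Backup\\backup.exe | CommandLine=backup.exe --schedule nightly",
]

# Detection rules, applied to the CommandLine field only. Reconfiguring the
# boot loader for Safe Mode and deleting shadow copies are the two behaviours
# the article attributes to Snatch; both are rare in day-to-day administration.
RULES = {
    "safe_mode_boot_config": re.compile(r"\bbcdedit\b.*\bsafeboot\b", re.I),
    "shadow_copy_deletion": re.compile(
        r"\bvssadmin\b.*\bdelete\s+shadows\b|\bwmic\b.*\bshadowcopy\s+delete\b", re.I
    ),
}


def parse_event(line):
    """Split one 'Key=Value | Key=Value' event line into a dict."""
    fields = {}
    for part in line.split(" | "):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    return fields


def match_rules(command_line):
    """Return the names of every rule the command line triggers."""
    return [name for name, rx in RULES.items() if rx.search(command_line)]


def scan(events):
    """Return (rule_name, command_line) for every event that triggers a rule."""
    hits = []
    for line in events:
        cmd = parse_event(line).get("CommandLine", "")
        for name in match_rules(cmd):
            hits.append((name, cmd))
    return hits


if __name__ == "__main__":
    # The benign "bcdedit /enum" and the scheduled backup job produce no hits.
    for rule, cmd in scan(SAMPLE_EVENTS):
        print(f"[{rule}] {cmd}")
```

In a real deployment the same rules would be fed from the endpoint sensor's process-creation events rather than a static list, and a hit on either rule on a user workstation is worth an immediate isolation decision, since it precedes the encryption step.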

Technical Details

Snatch can operate on Windows versions 7 through 10, in both 32- and 64-bit configurations. Written in Go, a programming language popular for creating cross-platform applications, Snatch has the potential to expand its reach. While it currently targets Windows-based machines, its developers could easily adapt it to infect other operating systems.

Hackers’ Ambitions with Snatch

The hackers controlling Snatch appear to have ambitious plans. They’re actively advertising on underground forums on the Dark Web, seeking affiliates to partner with. These affiliates may include hackers or disgruntled employees with insider credentials who can plant the malware within large organizations.

Prepare for a Potential Campaign

Although no widespread campaigns involving Snatch have been reported yet, researchers believe it’s only a matter of time. Businesses must stay vigilant, train staff to recognize suspicious activities, and ensure that their cybersecurity measures are robust enough to counteract threats like antivirus evasion ransomware.

Used with permission from Article Aggregator
