
Ransomware Uses New Method To Get Past Antivirus Programs

December 20, 2019


Researchers at SophosLabs have discovered a new threat to be on the alert for: a variant of the Snatch ransomware. This sophisticated malware employs innovative tactics to bypass antivirus software, making it a significant concern for businesses and individuals alike. Understanding effective ransomware protection strategies is critical to mitigating the risks posed by such advanced threats.

How Snatch Bypasses Antivirus Software

Disguised as a backup utility, Snatch forces the infected Windows PC to reboot in Safe Mode during installation. This works because, in Safe Mode, the machine runs with a limited set of drivers and capabilities that do not include antivirus software. Without antivirus protection running, the malware installs undetected. Once installed, Snatch encrypts the files on the system, rendering them unusable.

Additional Threats Posed by Snatch

Snatch doesn’t stop at encrypting files. It also attempts to delete all Volume Shadow Copies on the system, preventing forensic recovery of the encrypted files. To make matters worse, the malware roots through the system, stealing a wide range of data files and sending them to a command and control server. This dual approach of encrypting and exfiltrating data highlights the importance of adopting robust ransomware protection strategies to safeguard sensitive information.
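The two behaviours described above (forcing a Safe Mode restart, and wiping Volume Shadow Copies) both leave traces an administrator can check for. The following PowerShell script is an added example, not code from this article or from SophosLabs; it assumes an elevated session on Windows 7 through 10 and reports on the current boot configuration, the current boot state, and the number of shadow copies present.

```powershell
# Added example (not from the article or SophosLabs): a read-only check an administrator
# can run or schedule to spot the two conditions described above on a Windows host:
# a boot entry that will force the next restart into Safe Mode, and the loss of Volume
# Shadow Copies. Assumes an elevated PowerShell session (bcdedit needs it) on Windows 7-10.

function Test-SafeBootConfigured {
    # bcdedit lists a 'safeboot' value for {current} only when a Safe Mode restart is forced.
    $entry = & bcdedit.exe /enum '{current}' 2>&1
    if ($LASTEXITCODE -ne 0) { throw "bcdedit failed (run elevated?): $entry" }
    return [bool]($entry | Where-Object { $_ -match '^\s*safeboot\s+' })
}

function Get-BootupState {
    # 'Normal boot' for a regular session; 'Fail-safe boot' or
    # 'Fail-safe with network boot' when the host is currently in Safe Mode.
    return (Get-CimInstance -ClassName Win32_ComputerSystem).BootupState
}

function Get-ShadowCopyCount {
    # Zero on a host that normally keeps restore points is a strong signal they were wiped.
    return @(Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction SilentlyContinue).Count
}

$findings = @()
if (Test-SafeBootConfigured) {
    $findings += 'Boot entry {current} is set to start in Safe Mode on the next restart'
}
$state = Get-BootupState
if ($state -ne 'Normal boot') {
    $findings += "Host is currently running in Safe Mode (BootupState = '$state')"
}
$shadows = Get-ShadowCopyCount
if ($shadows -eq 0) {
    $findings += 'No Volume Shadow Copies exist; compare with the baseline for this host'
}

if ($findings.Count -eq 0) {
    Write-Output 'OK: no forced Safe Mode boot configured and shadow copies are present'
    exit 0
}
$findings | ForEach-Object { Write-Warning $_ }
exit 1   # non-zero exit so a scheduled task or monitoring agent can raise an alert
```

A shadow copy count of zero is only meaningful against a baseline, since some hosts never create restore points; treat the Safe Mode findings as the higher-confidence signal.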

Technical Details

Snatch can operate on Windows versions 7 through 10, in both 32- and 64-bit configurations. Written in Go, a programming language popular for creating cross-platform applications, Snatch has the potential to expand its reach. While it currently targets Windows-based machines, its developers could easily adapt it to infect other operating systems.

The Hackers’ Ambitions

The hackers controlling Snatch appear to have ambitious plans. They are actively advertising on underground forums on the Dark Web, seeking affiliates to partner with. These affiliates may include hackers or disgruntled employees with insider credentials who can plant the malware within large organizations. This highlights the need for proactive ransomware protection strategies to counter potential threats.

Prepare for Potential Campaigns

Although no widespread campaigns involving Snatch have been reported yet, researchers believe it’s only a matter of time. Businesses must stay vigilant, train staff to recognize suspicious activities, and ensure that their cybersecurity measures include comprehensive ransomware protection strategies to mitigate potential risks.

Used with permission from Article Aggregator
