Ransomware Uses New Method To Get Past Antivirus Programs

December 20, 2019

Written by wukovits

Researchers at SophosLabs have discovered a new threat to be on the alert for: a variant of the Snatch ransomware has been spotted in the wild.

It features an innovative means of getting around whatever antivirus software you may be using to defend yourself.

The malware is disguised as a backup utility. When it is installed, it forces the Windows PC it is being installed on to reboot in Safe Mode. This works because Safe Mode starts the machine with only a limited set of drivers and services, which normally does not include antivirus software; with the antivirus not running, it cannot detect the infection. Because Snatch is ransomware, as soon as the installation is complete, the files on the infected system are encrypted and unusable.

It gets worse. In addition to locking the infected system down, Snatch also attempts to delete all Volume Shadow Copies in order to prevent forensic recovery of the encrypted files from those snapshots. On top of that, Snatch does more than simply encrypt files: it also roots through the system and steals a wide range of data files, sending them off to a command and control server even as it encrypts them.
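The two behaviours described above (forcing a Safe Mode boot so security software is not loaded, then deleting Volume Shadow Copies) both leave traces in process-creation telemetry, which is where a defender can catch the chain before or while files are being encrypted. The following detection sketch is an added example and is not code from the Sophos report or from this article; it assumes Sysmon-style process-creation records with `Image`, `CommandLine` and `ParentImage` fields, and the sample events, the dropper name `backup-tool.exe` and the service name `BackupSvc` are constructed for illustration rather than taken from any real Snatch sample.

```python
import re
from collections import defaultdict

# Constructed sample process-creation records in the shape of Sysmon Event ID 1
# fields. These are illustrative, not telemetry from a real Snatch infection.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\bcdedit.exe",
     "CommandLine": "bcdedit /set {current} safeboot minimal",
     "ParentImage": r"C:\Users\alice\Downloads\backup-tool.exe"},
    {"Image": r"C:\Windows\System32\reg.exe",
     "CommandLine": r"reg add HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BackupSvc /ve /d Service /f",
     "ParentImage": r"C:\Users\alice\Downloads\backup-tool.exe"},
    {"Image": r"C:\Windows\System32\vssadmin.exe",
     "CommandLine": "vssadmin delete shadows /all /quiet",
     "ParentImage": r"C:\Users\alice\Downloads\backup-tool.exe"},
    {"Image": r"C:\Windows\System32\shutdown.exe",
     "CommandLine": "shutdown /r /t 0",
     "ParentImage": r"C:\Users\alice\Downloads\backup-tool.exe"},
    # Benign administrative activity that must not fire: listing, not deleting, shadows.
    {"Image": r"C:\Windows\System32\vssadmin.exe",
     "CommandLine": "vssadmin list shadows",
     "ParentImage": r"C:\Windows\explorer.exe"},
]

# Each rule is (tag, regex on the image path, regex on the command line).
# Windows command lines are case-insensitive, so matching is too.
RULES = [
    ("safeboot_bcd",     r"bcdedit\.exe$",  r"\bsafeboot\b"),
    ("safeboot_service", r"reg\.exe$",      r"\\SafeBoot\\(Minimal|Network)\\"),
    ("shadow_delete",    r"vssadmin\.exe$", r"\bdelete\s+shadows\b"),
    ("shadow_delete",    r"wmic\.exe$",     r"\bshadowcopy\b.*\bdelete\b"),
    ("reboot",           r"shutdown\.exe$", r"(^|\s)/r\b"),
]


def classify(event):
    """Return the set of rule tags that one process-creation event matches."""
    image = event.get("Image", "")
    cmd = event.get("CommandLine", "")
    tags = set()
    for tag, image_pat, cmd_pat in RULES:
        if re.search(image_pat, image, re.IGNORECASE) and re.search(cmd_pat, cmd, re.IGNORECASE):
            tags.add(tag)
    return tags


def correlate(events):
    """Group matched tags by parent process: the described behaviour is a single
    dropper driving several built-in Windows tools in sequence, so the parent
    is the natural pivot for correlation."""
    by_parent = defaultdict(set)
    for ev in events:
        tags = classify(ev)
        if tags:
            by_parent[ev.get("ParentImage", "<unknown>")] |= tags
    return dict(by_parent)


def severity(tags):
    """Rate a parent by how much of the Safe-Mode-plus-shadow-deletion chain it shows.
    Either half alone is already worth a high-priority alert; both together
    match the full pattern the article describes."""
    safeboot = {"safeboot_bcd", "safeboot_service"} & tags
    if safeboot and "shadow_delete" in tags:
        return "critical"
    if safeboot or "shadow_delete" in tags:
        return "high"
    return "low"


def triage(events):
    """Map each suspicious parent process to (severity, sorted tags)."""
    return {parent: (severity(tags), sorted(tags)) for parent, tags in correlate(events).items()}


if __name__ == "__main__":
    for parent, (sev, tags) in triage(SAMPLE_EVENTS).items():
        print(f"{sev:8} {parent}  {', '.join(tags)}")
```

Run against the constructed events, the dropper is rated `critical` because it both tampers with Safe Mode configuration and deletes shadow copies, while the `vssadmin list shadows` call from Explorer produces no finding at all. In a real deployment the same logic belongs in the EDR or SIEM rule engine, and the `safeboot_bcd` and `shadow_delete` rules are worth alerting on individually: legitimate administration rarely switches a workstation into Safe Mode or wipes every restore point without a change ticket behind it.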

The researchers report that Snatch can run on Windows versions 7 through 10, in both 32- and 64-bit editions. Of interest, it was written in Go, a programming language that compiles to native binaries for several operating systems and is widely used for cross-platform software. Although Snatch is currently only known to affect Windows-based machines, given the language it is written in, the developers would have an easy time creating variants that could infect just about any system running any OS.

The hackers controlling the code seem to have big plans. They are advertising for affiliates on underground Dark Web forums, hoping to partner with hackers or dissatisfied employees whose credentials would enable the owners of the software to plant their malicious code inside large organizations.

Although there is no evidence yet of a widespread campaign using Snatch, that day seems inevitable, so make sure your staff knows to stay on the alert for it.

Used with permission from Article Aggregator
