Snatch: ransomware encrypts files and goes undetected by antivirus | Security

Snatch is a new ransomware capable of circumventing antivirus detection. Identified by SophosLabs experts and revealed within the past week, the malware forces Windows to restart in safe mode. This is the way the criminals behind the malware have found to disable the real-time scans of security software. The ransomware can then encrypt the user's data and demand a ransom to restore access.

Ransomware creators demand a fortune in bitcoin to release the unlock key to victims. Photo: Pond5

Windows safe mode is intended for fixing system problems and therefore boots with fewer active components. One of the functions sacrificed in this profile is antivirus protection. By forcing the PC to start up in safe mode, Snatch can run the encryption process, which renders the stored data unusable, without being detected by the protection software. Once the process is complete, the malware demands a ransom for the victim to regain control of their data.
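A defender can watch for the configuration changes that precede a forced safe-mode restart. The following is an added example, not taken from the article or from Sophos: it assumes the standard Windows ways of configuring a safe-mode boot (the `safeboot` boot value set with `bcdedit`, and service entries under the `SafeBoot` registry key), and the event fields, host names and log lines are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample events (not from a real incident); field names are hypothetical.
EVENTS = [
    {"host": "ws-014", "time": "2019-12-10T09:02:11", "type": "registry_set",
     "target": r"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ExampleSvc"},
    {"host": "ws-014", "time": "2019-12-10T09:02:15", "type": "process",
     "cmdline": r"bcdedit.exe /set {current} safeboot minimal"},
    {"host": "ws-014", "time": "2019-12-10T09:02:19", "type": "process",
     "cmdline": "shutdown.exe /r /f /t 00"},
    {"host": "ws-020", "time": "2019-12-10T10:30:00", "type": "process",
     "cmdline": r"bcdedit.exe /deletevalue {current} safeboot"},
    {"host": "ws-031", "time": "2019-12-10T11:00:00", "type": "process",
     "cmdline": "shutdown.exe /r /t 60"},
]

# rule name -> (event type, field to inspect, pattern)
RULES = {
    "safeboot_service": ("registry_set", "target",
                         re.compile(r"\\Control\\SafeBoot\\(Minimal|Network)\\[^\\]+$", re.I)),
    "safeboot_bcd": ("process", "cmdline",
                     re.compile(r"\bbcdedit(\.exe)?\b.*/set\b.*\bsafeboot\b", re.I)),
    "restart": ("process", "cmdline",
                re.compile(r"\bshutdown(\.exe)?\b.*\s/r\b", re.I)),
}

def classify(event):
    """Return the names of the rules an event matches."""
    return [name for name, (etype, field, rx) in RULES.items()
            if event["type"] == etype and rx.search(event.get(field, ""))]

def detect(events, window=timedelta(minutes=10)):
    """Per host: 'high' if a safe-boot change is followed by a restart within
    `window`, 'medium' if safe boot was configured but no restart was seen."""
    hits = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        for name in classify(ev):
            hits.setdefault(ev["host"], []).append((when, name))
    alerts = {}
    for host, seen in hits.items():
        changes = [t for t, n in seen if n.startswith("safeboot_")]
        restarts = [t for t, n in seen if n == "restart"]
        if not changes:
            continue  # a restart on its own is normal administration
        chained = any(timedelta(0) <= r - c <= window for c in changes for r in restarts)
        alerts[host] = "high" if chained else "medium"
    return alerts
```

Removing the safe-boot value (host `ws-020`) and an ordinary restart (host `ws-031`) raise no alert; only the chained sequence on `ws-014` is rated high.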

According to SophosLabs, the severity of the problem is high, although occurrences of Snatch are mostly restricted to corporate environments. According to the experts, the ransomware has been active since at least 2018 and has been used mainly against companies, which may explain its more limited reach.

In addition, the experts note that the criminals behind Snatch may also be involved in operations to steal and intercept company data. As this type of operation takes longer and requires a more sophisticated attack, it is believed that this factor contributed to the malware not spreading quickly.

Ransomware boots in safe mode to evade antivirus. Photo: Reprodução / Helito Bijora

As Coveware, a company specializing in mediating negotiations between ransomware victims and attackers, explained to Sophos, 12 negotiations involving Snatch took place between July and October 2019. Payment amounts ranged between $2,000 and $35,000 (R$ 8,200 and R$ 145 thousand, respectively).

Another alarming piece of information released by SophosLabs technicians is the discovery of posts by the group responsible for Snatch in hacker forums looking for specialists in the banking area, which may indicate new developments in the ransomware. While the malware appears more interested in attacking corporate networks, chances are that other groups of criminals will apply the same strategy to home users in the future. Therefore, it is important to keep the connection protected to avoid problems.