Snatch ransomware adds ability to reboot PCs into Safe Mode to bypass protection

Dec 13 22:12 2019

As defenses rise, crimeware developers are always looking for ways to hone their weapons.

One of the latest techniques, according to Sophos Labs, is adding the capability to a ransomware strain that forces a Windows machine to reboot into Safe Mode before beginning the encryption process. This may be aimed at getting around endpoint protection, which often won’t run in Safe Mode.
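From a defender's side, the observable that matters is an endpoint being reconfigured to come up in Safe Mode and then rebooted. The following is an added example, not code from the article or from Sophos; it assumes the reboot is arranged through the documented Windows boot-configuration setting (`bcdedit ... safeboot`) or by registering a service under the `SafeBoot\Minimal` / `SafeBoot\Network` registry keys, and runs simple detection logic over constructed, newline-delimited JSON endpoint events whose field names are assumptions.

```python
import json
import re
from typing import Dict, List, Tuple

# Constructed sample telemetry (not from the article or from Sophos): one JSON
# object per line, loosely modelled on endpoint process and registry events.
SAMPLE_EVENTS = r"""
{"event":"process","host":"ws01","image":"C:\\Windows\\System32\\bcdedit.exe","cmdline":"bcdedit /set {current} safeboot minimal"}
{"event":"process","host":"ws01","image":"C:\\Windows\\System32\\shutdown.exe","cmdline":"shutdown /r /t 0 /f"}
{"event":"process","host":"ws02","image":"C:\\Windows\\System32\\cmd.exe","cmdline":"cmd /c dir C:\\Temp"}
{"event":"registry","host":"ws02","key":"HKLM\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\Minimal\\ExampleSvc","value":"Service"}
{"event":"process","host":"ws03","image":"C:\\Windows\\System32\\bcdedit.exe","cmdline":"bcdedit /deletevalue {current} safeboot"}
{"event":"process","host":"ws03","image":"C:\\Windows\\System32\\shutdown.exe","cmdline":"shutdown /r /t 0"}
"""

SAFEBOOT_SET = re.compile(r"/set\b.*\bsafeboot\b", re.IGNORECASE)
SAFEBOOT_KEY = re.compile(r"\\SafeBoot\\(Minimal|Network)\\", re.IGNORECASE)
REBOOT_CMD = re.compile(r"(^|\s)/r(\s|$)")

Alert = Tuple[str, str, str]  # (host, rule, detail)


def detect_safe_mode_abuse(log_text: str) -> List[Alert]:
    """Scan newline-delimited JSON events and return alerts for Safe Mode tampering."""
    alerts: List[Alert] = []
    armed: Dict[str, bool] = {}  # hosts where a Safe Mode boot was configured
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        host = ev["host"]
        if ev["event"] == "process":
            image = ev["image"].rsplit("\\", 1)[-1].lower()
            cmd = ev.get("cmdline", "")
            if image == "bcdedit.exe" and SAFEBOOT_SET.search(cmd):
                alerts.append((host, "safeboot_configured", cmd))
                armed[host] = True
            elif image == "shutdown.exe" and REBOOT_CMD.search(cmd) and armed.get(host):
                # Reboot after a safeboot change: the endpoint is about to come
                # up in Safe Mode, where protection agents may not load.
                alerts.append((host, "reboot_after_safeboot", cmd))
        elif ev["event"] == "registry" and SAFEBOOT_KEY.search(ev["key"]):
            # A service or driver has been allowed to start in Safe Mode.
            alerts.append((host, "safeboot_service_registered", ev["key"]))
    return alerts


if __name__ == "__main__":
    for host, rule, detail in detect_safe_mode_abuse(SAMPLE_EVENTS):
        print(f"{host}: {rule}: {detail}")
```

Removing the safeboot value (ws03) is routine administration and is deliberately not flagged; only setting it, or registering something to run in Safe Mode, raises an alert.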

Researchers outlined their discovery in a blog this week which also offers infosec pros interesting insight into one ransomware gang’s strategy for breaking into an enterprise.

Sophos calls this particular strain of ransomware Snatch because the authors refer to themselves in online postings as the Snatch Team. First seen about a year ago, Snatch is programmed in Google’s Go language and consists of a collection of tools including a ransomware component that only works on Windows machines and a separate data stealer; a Cobalt Strike reverse shell; and several publicly available tools that aren’t inherently malicious but are used more conventionally by penetration testers, system administrators, or technicians.


About Article Author

The IT World Blog

Since its launch in 1984, IT World Canada has become the online information resource of choice for Canadian IT professionals working in medium to large enterprises. Representing the entire spectrum of enterprise IT, they provide news and information services that aid in achieving success in the Canadian IT market. More than 75,000 IT executives and professionals, representing 70 per cent of the buying power in Canada, turn to IT World Canada for the information they trust. IT World Canada creates daily news content, produces a daily newsletter and features IT professionals who blog on topics of industry interest.
