Snatch ransomware adds ability to reboot PCs into Safe Mode to bypass protection

Dec 13 22:12 2019

As defenses rise, crimeware developers are always looking for ways to hone their weapons.

One of the latest techniques, according to Sophos Labs, is adding to a ransomware strain the capability to force a Windows machine to reboot into Safe Mode before the encryption process begins. Safe Mode loads only a minimal set of drivers and services, so third-party endpoint protection agents that are not registered to start there never load; the likely aim is to encrypt files while nothing is watching.
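A reboot-into-Safe-Mode attack has to touch two places on a Windows host: a service only starts in Safe Mode if it is listed under the SafeBoot registry keys, and forcing the next boot into Safe Mode is normally done by setting the safeboot flag on the boot entry in the BCD store. The script below is an added defensive check written for this article, not code from Sophos or from the Snatch analysis: it lists every service registered to run in Safe Mode, flags those whose executable is outside the Windows directory or lacks a valid Authenticode signature, and warns if the current boot entry is already set to start in Safe Mode. The helper name Resolve-ServiceExe is the author's own; the service-key layout and the bcdedit output format are standard Windows behaviour. Run it elevated, since bcdedit and parts of the Services hive need administrator rights.

```powershell
# Added example: audit Safe Mode service registrations and the BCD safeboot flag.
# Not from the article or from Sophos; assumes standard Windows registry layout.

function Resolve-ServiceExe {
    # Turn a raw ImagePath value into an absolute executable path.
    param([string]$ImagePath)
    if (-not $ImagePath) { return $null }
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath).Trim()
    # Keep only the executable: a quoted path, or the first whitespace-separated token.
    if ($p -match '^"([^"]+)"') { $p = $Matches[1] } else { $p = ($p -split '\s+')[0] }
    $p = $p -replace '^\\\?\?\\', ''                 # strip NT "\??\" prefix
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot # "\SystemRoot\..." form
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }  # e.g. "system32\x.exe"
    return $p
}

$safeBootRoots = 'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal',
                 'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\Network'

$findings = foreach ($root in $safeBootRoots) {
    foreach ($key in Get-ChildItem -Path $root) {
        # Each subkey's default value is "Service", "Driver", or a driver class name.
        if ((Get-ItemProperty -Path $key.PSPath).'(default)' -ne 'Service') { continue }
        $svcKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$($key.PSChildName)"
        $svc = Get-ItemProperty -Path $svcKey -ErrorAction SilentlyContinue
        $exe = Resolve-ServiceExe $svc.ImagePath
        $inWindows = $exe -and $exe.StartsWith($env:SystemRoot, 'OrdinalIgnoreCase')
        $sig = if ($exe -and (Test-Path -LiteralPath $exe)) {
            (Get-AuthenticodeSignature -FilePath $exe).Status
        } else { 'FileMissing' }
        [pscustomobject]@{
            SafeBootList = Split-Path $root -Leaf
            Service      = $key.PSChildName
            ImagePath    = $svc.ImagePath
            Signature    = $sig
            Suspicious   = (-not $inWindows) -or ($sig -ne 'Valid')
        }
    }
}

"Services registered to run in Safe Mode: $($findings.Count)"
$findings | Where-Object Suspicious | Format-Table -AutoSize

# A forced Safe Mode reboot leaves a "safeboot" line on the current boot entry.
$bcd = bcdedit /enum '{current}' 2>$null
$flag = $bcd | Where-Object { $_ -match '^\s*safeboot\s' }
if ($flag) { Write-Warning "Current boot entry is set to start in Safe Mode: $($flag.Trim())" }
else       { 'Current boot entry has no safeboot flag.' }
```

On a clean host the suspicious list should be empty and the BCD check should report no safeboot flag; a third-party service that legitimately needs Safe Mode (some backup and endpoint agents register there on purpose) will show up with a valid signature, which is why the signature status is printed rather than treated as a verdict.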

Researchers outlined their discovery in a blog post this week that also offers infosec pros interesting insight into one ransomware gang's strategy for breaking into an enterprise.

Sophos calls this particular strain of ransomware Snatch because the authors refer to themselves in online postings as the Snatch Team. First seen about a year ago, Snatch is written in Google's Go language and consists of a collection of tools: a ransomware component that only works on Windows machines; a separate data stealer; a Cobalt Strike reverse shell; and several publicly available tools that aren't inherently malicious and are more conventionally used by penetration testers, system administrators or technicians.


About Article Author

The IT World Blog

