Secret Snatch Tactics: Why is Windows Safe Mode not so safe?

Carding

The FBI and CISA explain the dangers of ransomware as a service.

The FBI and CISA have warned about the threat posed by the "Snatch" ransomware, known since 2018. Its activity has recently been gaining momentum, so organizations are advised to be on the lookout.

The group's actions are not merely a cause for alarm among US intelligence services: it has already claimed responsibility for a number of major attacks. Among them are incidents involving the Ministry of Defense in South Africa, the city of Modesto in California, Saskatchewan airport in Canada and the London firm Briars Group.

"Snatch" operates on the RaaS (ransomware as a service) model, which makes it even more dangerous and accessible to a wide range of intruders. According to experts, it mainly targets critical sectors: IT, the US defense industry and the agro-industrial sector.

In mid-2021, the group began acquiring data stolen by other hackers in order to extort money by threatening to publish it.

The methods used in "Snatch" attacks are also notable and make it particularly dangerous. The software forces Windows-based computers to restart in safe mode, thus bypassing antivirus systems, and then encrypts files.

Snatch skillfully exploits vulnerabilities in the Remote Desktop Protocol (RDP), gaining high access privileges. After entering the network, attackers can "travel" through it for a long time, searching for and analyzing files suitable for compromise. They have a variety of tools in their arsenal, including programs such as Metasploit and Cobalt Strike.

The North American region has recently become the main target of attacks. Optiv's Nick Hyatt points out that their team recorded 70 incidents in this region between July 2022 and June 2023.
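The forced safe-mode restart described above leaves traces in process-creation telemetry. As an added example (not from the original post or the FBI/CISA advisory), this detection logic flags hosts where the boot configuration is switched to safe mode and a restart follows shortly after; it assumes the switch is made with the built-in `bcdedit` tool's `safeboot` setting, which the post does not specify, and the events and host names are constructed.

```python
import re
from datetime import datetime, timedelta

# bcdedit switching a boot entry to safe mode ("/set ... safeboot ...").
# Assumption: the post does not say how safe mode is forced.
SAFEBOOT_SET = re.compile(r"\bbcdedit(\.exe)?\b.*[/-]set\b.*\bsafeboot\b", re.I)
# shutdown invoked with the restart flag.
REBOOT = re.compile(r"\bshutdown(\.exe)?\b.*[/-]r\b", re.I)

# Constructed process-creation events: (host, ISO timestamp, command line).
SAMPLE_EVENTS = [
    ("WS-014", "2023-09-20T02:11:05", r"C:\Windows\System32\bcdedit.exe /enum"),
    ("WS-014", "2023-09-20T02:14:40", r"bcdedit.exe /set {current} safeboot minimal"),
    ("WS-014", "2023-09-20T02:14:52", r"shutdown.exe /r /f /t 00"),
    ("SRV-02", "2023-09-20T03:00:00", r"shutdown.exe /r /t 60"),
    ("DB-03", "2023-09-20T04:30:10", r"bcdedit /set {default} safeboot network"),
    ("WS-021", "2023-09-20T05:00:00", r"bcdedit /deletevalue {current} safeboot"),
]


def find_safe_mode_reboots(events, window=timedelta(minutes=10)):
    """Return (host, timestamp, severity, command) for each safe-boot change.

    "medium": boot entry switched to safe mode.
    "high":   the same host is restarted within `window` of that change.
    """
    pending = {}    # host -> (time of safe-boot change, index into findings)
    findings = []
    for host, ts, cmd in sorted(events, key=lambda e: e[1]):
        when = datetime.fromisoformat(ts)
        if SAFEBOOT_SET.search(cmd):
            pending[host] = (when, len(findings))
            findings.append([host, ts, "medium", cmd])
        elif REBOOT.search(cmd) and host in pending:
            set_time, idx = pending.pop(host)
            if when - set_time <= window:
                findings[idx][2] = "high"
    return [tuple(f) for f in findings]


if __name__ == "__main__":
    for finding in find_safe_mode_reboots(SAMPLE_EVENTS):
        print(finding)
```

A "medium" finding can be a legitimate repair session; a "high" finding on a machine nobody is servicing is the pattern to investigate first.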
 