This one is pure evil genius! The latest variant of Snatch has been identified by the researchers at Sophos. Infecting Windows 7 through 10 (in both 32-bit and 64-bit versions), this version of Snatch installs a Windows service SuperBackupMan that is configured to run in Safe Mode. Once a forced restart is complete, and the system is in Safe Mode, those AV solutions not configured to run leave the system exposed and able to be encrypted.
But the impressiveness of this ransomware doesn’t stop there. Researchers also found the following attack measures in varying degrees:
The payload for this ransomware uses the open-source packer UPX to help obfuscate detection of the malicious code within. This is powerful and dangerous stuff here that has attack ramifications both in the immediate timeframe and in the future (depending on how patient the attacker is).
Your organization needs to address this in two ways: