SophosLabs have discovered a new threat  

A variant of the Snatch ransomware has been spotted in the wild. It features an innovative means of getting around whatever antivirus software you may be using to defend yourself.

Disguised as a backup utility, the malware forces the Windows PC it is installed on to reboot into Safe Mode. This works because a machine that comes back up in Safe Mode runs with a limited set of drivers and capabilities that doesn't include antivirus software. Since the antivirus software isn't running, it can't detect the infection. Because this is ransomware, as soon as the installation is complete, the files on the infected system are encrypted and unusable.

It gets worse.  In addition to locking the infected system down, Snatch will also attempt to delete all the Volume Shadow Copies in order to prevent forensic recovery of the encrypted files. On top of that, Snatch does more than simply encrypt files.  It also roots through the system and steals a wide range of data files, sending them off to a command and control server, even as it encrypts them.
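Both behaviours described above can be watched for in process-creation logs. The following is an added example, not code from SophosLabs or from this post; it assumes the Safe Mode switch appears as a `bcdedit` command line and the shadow copy deletion as a `vssadmin` or `wmic` command line, and the log format, timestamps and host names are constructed.

```python
import re

# Assumed command-line forms of the two behaviours (not taken from the post).
RULES = {
    # Only "/set ... safeboot" is suspicious; "/deletevalue safeboot" undoes it.
    "safe_mode_boot_set": re.compile(
        r"\bbcdedit(\.exe)?\b.*/set\b.*\bsafeboot\b", re.I),
    "shadow_copy_delete": re.compile(
        r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b"
        r"|\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I),
}

def parse_line(line):
    """Split a constructed 'timestamp|host|parent|command line' record."""
    ts, host, parent, cmd = line.split("|", 3)
    return {"ts": ts, "host": host, "parent": parent, "cmd": cmd}

def detect(lines):
    """Group rule hits per host; a host that trips every rule is 'critical'."""
    hits = {}
    for line in lines:
        ev = parse_line(line)
        for name, rx in RULES.items():
            if rx.search(ev["cmd"]):
                hits.setdefault(ev["host"], []).append((name, ev["ts"], ev["cmd"]))
    report = {}
    for host, found in hits.items():
        names = sorted({n for n, _, _ in found})
        severity = "critical" if len(names) == len(RULES) else "high"
        report[host] = {"severity": severity, "rules": names, "events": found}
    return report

# Constructed sample records; none of these values come from a real incident.
SAMPLE_LOG = [
    "2019-12-10T02:14:07Z|FIN-PC07|C:\\Windows\\explorer.exe|notepad.exe report.txt",
    "2019-12-10T02:15:31Z|FIN-PC07|C:\\Windows\\System32\\services.exe|"
    "bcdedit.exe /set {current} safeboot minimal",
    "2019-12-10T02:19:02Z|FIN-PC07|C:\\Windows\\System32\\cmd.exe|"
    "vssadmin delete shadows /all /quiet",
    "2019-12-10T09:02:44Z|HR-PC02|C:\\Windows\\System32\\cmd.exe|vssadmin list shadows",
    "2019-12-10T09:30:00Z|IT-PC01|C:\\Windows\\System32\\cmd.exe|"
    "bcdedit /deletevalue {current} safeboot",
]

if __name__ == "__main__":
    for host, info in detect(SAMPLE_LOG).items():
        print(host, info["severity"], info["rules"])
```

Because antivirus does not load in Safe Mode, an alert like this is most useful when the logs are forwarded off the machine before the reboot happens.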

Now Windows, but soon Mac OS

The researchers report that Snatch can run on Windows versions 7 through 10, in both 32-bit and 64-bit versions. Of interest, it was written in Go, which is a programming language used by app developers to create cross-platform apps. Although Snatch is currently only known to impact Windows-based machines, given the programming language used, the developers would have an easy time creating variants that could infect just about any system, running any OS (like Apple Mac OS).

The hackers controlling the code seem to have big plans. They're advertising on underground forums on the Dark Web, shopping for affiliates. They are hoping to partner with hackers or dissatisfied employees who have credentials that would enable the owners of the software to plant their malicious code inside large organizations.

Our perspective

Although there's no evidence yet of a widespread campaign using Snatch, that day seems inevitable, so make sure your staff knows to stay on the alert for it.

~ As Hill Street Blues' Sgt. Esterhaus always advised: "Hey, let's be careful out there!" ~

Meanwhile, check out this report

This free executive report may give you insights into how to build your business with safe IT environments: 10 Hidden IT Risks That Might Threaten Your Business and 1 Easy Way to Find Them

The author

Thanks for reading this short post. For more tips on thriving with small business technology, check out the other blog posts at DWPia Blogs. I am also available on LinkedIn, Facebook, and Twitter.

I am Denis Wilson, President and Principal Consultant for DWP Information Architects. I help professionals grow their business by building a foundation of rock-solid information solutions for smaller healthcare, insurance, financial, legal, and nonprofit firms in Ventura County and San Fernando Valley. I have created cost-effective IT solutions for over 20 years, specializing in cybersecurity and regulatory compliance. I am also a published author and speaker, working extensively with a variety of organizations, as well as providing small business technology education programs through business and professional associations. This just in: I will be speaking regularly at California Lutheran University's Center for Nonprofit Leadership starting in September.

Contact me if you would like me to speak at your association.