FBI and CISA issue warning about dangerous new ransomware strain

Home / QSOL IT News / CISA / FBI and CISA issue warning about dangerous new ransomware strain

The U.S. Cybersecurity and Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued a advisory warning organizations about the Snatch operation.

The advisory is part of the pairs #StopRansomware campaign, in which the two detail the , techniques, and procedures (TTP), as well as indicators of compromise (IOC), of currently active and disruptive ransomware operations, in hopes of helping organizations protect against the threats a little better. 

Even though Snatch first appeared sometime in 2018, the the two organizations provide is relatively new, with some investigation data dating in early June this year. As per the advisory, Snatch is a model, by which different actor groups rent out the encryptor, and the infrastructure, in order to run ransomware campaigns.

Evolution in tactics

While Snatch threat actors kept “consistently” evolving their threat tactics, the advisory reads, they kept in line with what the majority did – they exfiltrated and encrypted sensitive data, then demanded payment in exchange for the decryption key, and in exchange for not leaking the data on the dark web. 

“FBI and CISA encourage organizations to implement the in the Mitigations section of this CSA to reduce the likelihood and impact of ransomware incidents,” the two said.

Back in December 2019, Snatch ransomware was found rebooting infected computers into Safe Mode, to bypass security solutions. This version was discovered by security researchers from the Sophos Managed Threat Response team and SophosLabs, which said that no security tools work in Safe Mode, allowing Snatch to encrypt the files unabated. 

In a on SiliconANGLE, it was said that more recent Snatch victims include the Department of Veteran’s Affairs, Zilli, CEFCO Inc., the South African Department of Defense and the Briars Group Ltd.

Michael Mumcuoglu, co-founder and chief executive of posture management company CardinalOps Ltd., told the same publication that Snatch’s operators were more active over the past year and a half. 

Via Infosecurity Magazine

More from TechRadar Pro

Source link

Related Post

o3-mini is here and ships today on Azure

The post o3-mini is here and ships today on Azure AI Foundry and GitHub Copilot and Models… can’t wait to

AI, Azure, Exec posts, Mini, Recent News, Syndicated, today

Tech Time Warp: Java programming language is a

The programming language that made “Write Once, Read Anywhere” (WORA) a standard turns 34 this year (or 30, depending on

developers, Featured, history, IoT, Java, machine, programming language, Syndicated, Tech Insight, Tech Time Warp, WORA, year

Governor Murphy and Princeton University President Eisgruber announce

Major artificial intelligence Hub will bolster state’s innovation economy  Microsoft, CoreWeave, New Jersey Economic Development Authority and Princeton University expected

AI, Artificial Intelligence, Business, cybersecurity, economy, innovation, Microsoft, Press Releases, Syndicated, Technology

Microsoft earnings press release available on Investor Relations

REDMOND, Wash. — Jan. 29, 2025 — Microsoft Corp. on Wednesday announced that fiscal year 2025 second-quarter financial results are

AI, conference call, Financial Results, Investor Relations, Microsoft, Microsoft Earnings Results, Press Releases, Syndicated, Technology