Date: 2023-09-21

Advisories from the FBI and US Cybersecurity and Infrastructure Security Agency typically indicate that a threat merits priority attention from organizations that may be impacted. “Snatch,” a ransomware-as-a-service (RaaS) operation, has been active since at least 2018 and is the subject of an alert from the two agencies this week.

The threat actor is said to be targeting a wide range of infrastructure sectors, including the IT sector, the US defense industrial base, and the food and agriculture sector. The most recent attacks by the threat actor were in June. The advisory did not say why the alert was released this week, but there is speculation that it may be connected to the Snatch operation’s increased activity over the last 12 to 18 months. Snatch is malware that forces Windows systems to reboot into Safe Mode so it can encrypt files without being detected by antivirus tools. In many attacks, Snatch operators have used Remote Desktop Protocol to gain administrator-level access to a target network. Once in the network, the actor can sometimes spend an extended time, up to three months, finding files and folders to target in its attack.

