There is a new type of malware that can easily disable and bypass Windows 10 security software. Named Snatch, the ransomware first appeared about a year ago, but recently, it has been enhanced to be a more malicious cybersecurity threat, according to a report from Sophos. Attacks using Snatch have resulted in companies paying ransoms as high as $35,000 to recover their data, not to mention the loss in profits companies can sometimes experience while working to recover from a security breach.
Who is Snatch?
According to Sophos, the hackers behind Snatch call themselves the Snatch Team on dark web message forums. Researchers observed that the Snatch Team posted appeals for more partners on Russian-language forums who can give them access to “corporate networks, stores, and other companies.”
How Snatch Works
When Snatch infects your computer, the malware installs a Windows service called SuperBackupMan. After SuperBackupMan is executed, hackers use administrator access to run a tool that forces your computer to restart in Safe Mode. Once restarted, Snatch uses a Windows command to steal your data and encrypt your hard drive. Along with the ability to siphon your data, Snatch is also capable of installing surveillance software and stealing important business and personal information.
How to Protect Yourself from Snatch
According to Sophos, there are several ways to protect your company from Snatch.
- Monitor your network: Invest in threat-hunting programs or employ a provider to identify and stop any malicious activity online.
- Use multifactor authentication (MFA): Use two-step verification to protect for your devices and to make it harder for hackers to access your systems.
- Check all your devices: Sophos found that Snatch attacks often occur on unmonitored and unprotected devices. Set up regular checkups on all active devices to make sure no vulnerabilities exist.
- Protect remote access protocols: Make sure your company uses servers with remote access protocols that are updated with the latest security patches to locate abnormal activity and login attempts.
- Use a secure internet connection: Try not to use your remote desktop interface on an unprotected internet connection.
It is essential to build a solid and secure network for your company by regularly updating and monitoring devices. Hackers are constantly looking for ways to target your company and gain access to your business and personal information online.
As your company connects more devices to your network, preventing a cyberattack within your business can be easy if you follow the above steps. At MDL Technology, your company’s security is our number one concern. By offering services such as 24/7 support, network monitoring, offsite data backups, auditing and compliance and more we help ensure that you don’t need to stress about your team’s private information becoming public. Learn more about the services we offer by visiting our website.
