We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.
Advertising Disclosure

vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

Joint Advisory Issued on Snatch Ransomware by US Agencies

Joint Advisory Issued on Snatch Ransomware by US Agencies
Author Image Zane Kennedy
Zane Kennedy Published on 26th September 2023 Cybersecurity Researcher

In a united front against the escalating threat of Snatch ransomware, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a critical joint advisory, warning organizations across various sectors including IT, defense, food, and agriculture.

The advisory comes in light of Snatch's unique modus operandi, where it employs a customized ransomware that forces Windows systems to reboot into Safe Mode. This enables the group to bypass antivirus and endpoint protection solutions.

Michael Mumcuoglu, CEO and co-founder of CardinalOps, a network security company, spoke to SiliconANGLE and pointed out that there has been increased activity by the Snatch ransomware group over the last 12 to 18 months.

The group is notorious for their double extortion tactics, where they threaten to publish stolen data on their public blog if the ransom goes unpaid. According to The Register, the recent victims of Snatch include high-profile entities such as the City of Modesto and allegedly, the Florida Department of Veterans’ Affairs, which was listed on Snatch's dark-web site as one of its latest victims.

Active since 2018, Dark Reading reported that the Snatch ransomware group has evolved its tactics over time, leveraging the successes of other ransomware variants and consistently adapting to current trends in the cybercriminal space.

The joint advisory, based on FBI investigations between September 2022 and June 2023, provides detailed indicators of compromise and highlights the various methods Snatch affiliates use to infiltrate victims' networks. A primary method involves exploiting weaknesses in the Remote Desktop Protocol (RDP) to gain administrator credentials to victim’s networks. In some cases, the Snatch group has also purchased compromised credentials from online criminal marketplaces.

Once access is gained, Snatch affiliates utilize a combination of legitimate and malicious tools to maintain persistence and move laterally across networks, sometimes spending up to three months on victims' networks before deploying ransomware. To mitigate the risk of Snatch ransomware attacks, the advisory recommends organizations to closely monitor the use of remote access tools, disable command-line scripting, and more.

The issuance of this advisory underscores the sophisticated and evolving nature of cyber threats, emphasizing the need for heightened cybersecurity awareness and proactive defensive measures across all sectors.This comes amidst other significant ransomware threats, such as the LockBit ransomware, which has recently extorted US organizations for $91 million.

About the Author

Zane is a Cybersecurity Researcher and Writer at vpnMentor. His extensive experience in the tech and cybersecurity industries provides readers with accurate and trustworthy news stories and articles. He aims to help individuals protect themselves through informative content and awareness of cybersecurity's crucial role in today's digital landscape.