For the past two days, a ransomware variant named ‘Snatch’ has been doing the rounds on the Google search engine, and security analysts say that Snatch attempts to bypass traditional anti-virus tools by forcing the PC to reboot in safe mode.
In general, rebooting Windows in safe mode makes startup smoother by skipping certain software, drivers or services that aren’t working properly.
However, the same process also prevents the anti-virus software from loading, which gives cyber crooks a chance to load a PC with a dangerous strain of ransomware.
Snatch is specially devised to force the Windows PC to reboot in safe mode, preventing anti-malware solutions from running. This is where the hackers prove their sophistication: they not only encrypt the files but also steal data by transmitting a copy of it to remote servers.
Last year, cybersecurity company Sophos carried out a detailed analysis of this malware and concluded that it was written in Google’s Go programming language and can run on 32-bit and 64-bit versions of Windows 7 and 10.
Now, coming to the main point, how to protect your IT infrastructure from the ‘Snatch’ ransomware threat-
Never leave your Remote Desktop interface exposed to illegitimate access from the internet. If you do need remote access, permit access to machines through VPNs.
Use multi-factor authentication for administrators- Organizational heads should insist on activating multi-factor authentication for users with admin privileges, as it makes it tough for hackers to launch brute force attacks on accounts.
Keep a tab on devices- According to research conducted by Sophos, Snatch ransomware is being launched on devices that are either unprotected or unmonitored. So it is better to keep the inventory of devices in check to make sure no gap is left.
Network monitoring- It is essential to monitor your network for all sorts of cyber threats, and there are already a few companies offering such solutions.
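The monitoring advice above can be applied to the safe-mode reboot described earlier. The following is an added example, not part of the original article or of Sophos's analysis: it scans process-creation records for a boot-configuration change that turns on safe boot, and raises the severity when a restart follows on the same host. The key=value log layout, the host and user names and the five-minute window are assumptions made for the example; `bcdedit` is Windows' built-in boot-configuration tool.

```python
import re
from datetime import datetime, timedelta

# Constructed sample process-creation records (not real telemetry). The
# key=value layout and the host/user names are assumptions for this example.
SAMPLE_LOG = r'''
ts=2019-12-10T09:14:02Z host=FIN-WS-07 user=CORP\jdoe image=C:\Windows\System32\bcdedit.exe cmd="bcdedit /enum"
ts=2019-12-10T09:15:40Z host=FIN-WS-07 user=SYSTEM image=C:\Windows\System32\bcdedit.exe cmd="bcdedit.exe /set {default} safeboot minimal"
ts=2019-12-10T09:15:44Z host=FIN-WS-07 user=SYSTEM image=C:\Windows\System32\shutdown.exe cmd="shutdown /r /f /t 00"
ts=2019-12-10T11:02:13Z host=HR-WS-02 user=CORP\helpdesk image=C:\Windows\System32\bcdedit.exe cmd="BCDEDIT /deletevalue {default} safeboot"
'''

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_line(line):
    """Split one record into a dict; quoted values may contain spaces."""
    return {key: quoted or bare for key, quoted, bare in FIELD.findall(line)}

def find_safe_boot_alerts(log_text, window=timedelta(minutes=5)):
    """Flag bcdedit runs that turn on safe boot; 'high' if a restart follows."""
    alerts, pending = [], {}
    for line in log_text.strip().splitlines():
        ev = parse_line(line)
        when = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        exe = ev["image"].lower().rsplit("\\", 1)[-1]
        args = [tok.lower() for tok in ev["cmd"].split()]
        # "/set ... safeboot" enables safe mode for the next boot;
        # "/deletevalue ... safeboot" undoes it and is not flagged.
        if exe == "bcdedit.exe" and "/set" in args and "safeboot" in args:
            alert = {"host": ev["host"], "user": ev["user"],
                     "time": ev["ts"], "severity": "medium"}
            alerts.append(alert)
            pending[ev["host"]] = (when, alert)
        elif exe == "shutdown.exe" and "/r" in args and ev["host"] in pending:
            set_time, alert = pending.pop(ev["host"])
            if when - set_time <= window:
                alert["severity"] = "high"
    return alerts

if __name__ == "__main__":
    for a in find_safe_boot_alerts(SAMPLE_LOG):
        print(a)
```

Hosts where administrators legitimately use safe mode for repairs will also appear, so review each alert against known maintenance work before escalating.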