Snatch groups became active relatively long ago: the first cases were reported in 2018. Like Matrix ransomware, Snatch abuses Windows Safe Mode together with a privileged service. After the injection, the ransomware creates a Windows service and, using certain registry keys, gives it permission to start even in Safe Mode. This service is backed by the ransomware's executable files, so each time you boot your PC you launch the virus. Safe Mode is needed to prevent the launch of anti-malware tools installed on your PC.
Besides disabling third-party antivirus tools in this way, Snatch ransomware also suspends Windows Defender in a well-known way: by editing Group Policies. Moreover, to prevent any recovery attempts, this ransomware removes the Volume Shadow Copies and the backups that were created with basic Windows functionality. Such behavior is not new: the majority of ransomware variants that target corporations do the same.
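The three behaviours described above can be correlated per host for triage. The following is an added example, not code from DarkFeed or from any Snatch analysis. The event format is a simplified, constructed one, and the registry paths and command names are assumptions based on well-known Windows locations, since the page does not name the exact keys or commands.

```python
import re

# Assumed indicators: well-known Windows registry paths and built-in tools.
# The page does not list the exact keys or commands Snatch uses.
SAFEBOOT = re.compile(r"\\Control\\SafeBoot\\(Minimal|Network)\\[^\\]+$", re.I)
DEFENDER_POLICY = re.compile(
    r"\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\DisableAntiSpyware$", re.I)
BACKUP_WIPE = re.compile(
    r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b|"
    r"\bwbadmin(\.exe)?\b.*\bdelete\s+catalog\b", re.I)

def classify(event):
    """Return a behaviour label for one event, or None if it is not of interest."""
    if event["type"] == "registry_set":
        # A new SafeBoot subkey whose data is "Service" lets that service run in Safe Mode.
        if SAFEBOOT.search(event["key"]) and str(event["value"]).lower() == "service":
            return "safe_mode_service"
        if DEFENDER_POLICY.search(event["key"]) and str(event["value"]) == "1":
            return "defender_policy_disabled"
    elif event["type"] == "process_create" and BACKUP_WIPE.search(event["cmdline"]):
        return "backup_deletion"
    return None

def triage(events, threshold=2):
    """Flag hosts showing at least `threshold` distinct behaviours.

    A single hit (for example a legitimate tool registering for Safe Mode)
    is common enough that only the combination is reported.
    """
    per_host = {}
    for ev in events:
        label = classify(ev)
        if label:
            per_host.setdefault(ev["host"], set()).add(label)
    return {h: sorted(s) for h, s in per_host.items() if len(s) >= threshold}

# Constructed sample events (hypothetical hosts and service names).
SB = r"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal"
SAMPLE = [
    {"host": "ws-01", "type": "registry_set", "key": SB + r"\ExampleSvc", "value": "Service"},
    {"host": "ws-01", "type": "registry_set", "value": 1,
     "key": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware"},
    {"host": "ws-01", "type": "process_create", "cmdline": "vssadmin.exe delete shadows /all /quiet"},
    {"host": "ws-02", "type": "registry_set", "key": SB + r"\BackupAgent", "value": "Service"},
    {"host": "ws-02", "type": "process_create", "cmdline": "vssadmin list shadows"},
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Only `ws-01` is reported: `ws-02` registers a Safe Mode service but shows no second behaviour, which keeps lone, often benign, hits out of the alert queue.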
© ALL RIGHTS RESERVED TO DarkFeed 2023