What is Snatch Ransomware?

Encryption is a fantastic development in modern day computing. It keeps your data safe and sometimes even allows for private communication between 2 or more machines, like in the case of using a VPN. In the past couple of years, it has become a staple in the internet culture, with most users refusing to visit sites without an encryption method such as a TLS or SSL and switching to encrypted instant messaging apps.

Unfortunately to every good side of technology, there has to be a negative one as well. Encryption can be and has been weaponized by malicious software developers in order to extort money from individuals, businesses and even governmental organizations. This type of malware is called ransomware and it works by encrypting all the data on the target machine and demanding a ransom to be paid in order to provide a key so that the data can become accessible again.

What is Snatch?

Snatch is a newly discovered ransomware variant which was able to bypass Window’s endpoint protection by rebooting the device in Safe Mode. It works because some antivirus software does not start in Safe Mode, and the developers discovered that they could easily modify a Windows registry key to boot your PC into Safe Mode.

Once the target machine is booted into safe mode, the ransomware encrypts your files. In order to get these files decrypted, the hackers attempt to extort money from you by soliciting ransoms in the form of Bitcoin (i.e. makes it untraceable back to them).

Snatch targets specific files, mainly ones with extensions .doc, .docx, .xls, .pdf and many more. It changes these extensions to Snatch, so they are unopenable. Once the executable file is ran, it creates a Readme_Restore_Files.txt note in which the hacker demands anywhere between 1 and 5 Bitcoins in exchange for the decryption key. It looks like this:

Since the software uses AES encryption, infected files are not decryptable without a key.

Because of malicious software like Snatch and thousands more, we always recommend for you to create backups of important files and be extra vigilant when downloading things from the internet. To learn more about ransomware check out our blog to protect your computer from ransomware.