Resolve: Snatch Ransomware Hijacks Safe Mode To Encrypt Files


A new strain of the Snatch ransomware has been discovered in the wild. Its distinguishing trait is that it first reboots the infected Windows computer into Safe Mode, where security software does not run, and only then encrypts the victim’s files.

Snatch ransomware was discovered by a team of security researchers from the threat response team. The new strain makes infected Windows devices boot into Safe Mode, which allows it to encrypt every file on the system, since most security tools are automatically disabled in that mode. Another thing that makes Snatch different from, and more dangerous than, other ransomware is that it does not only hold information hostage by encrypting it until you pay the ransom; it is also a stealer. Snatch includes a sophisticated data-stealing module that allows attackers to steal vast amounts of information from the targeted organizations or persons.

Although Snatch ransomware is written and compiled in Go, Google’s multi-platform programming language, the researchers explained in a blog post that it can only run on Windows devices. Snatch ransomware exploits a Windows vulnerability which allows it to reboot the system in Safe Mode. Once the system is in Safe Mode, the ransomware starts encrypting files. Because the antivirus or Windows scanner software is not running at that point, the encryption proceeds uninterrupted.

Even if you get wind that you might be infected with Snatch ransomware, there is little chance of eluding it. This is what makes Snatch so dangerous and difficult to disinfect. As the security researchers say, Snatch ransomware deletes “all the Volume Shadow Copies on the system,” preventing “forensic recovery of the files encrypted by the ransomware”. One of the best ways to keep a system safe is therefore to keep remote desktop services off the internet, or to use a VPN service as a safeguard.
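A defender-side sketch of how the two behaviours described above (a forced Safe Mode boot and shadow copy deletion) can be correlated per host in process-creation logs. This is an added example, not code from the researchers or the original article; the log records are constructed, and the matched command lines (`bcdedit ... safeboot`, `vssadmin delete shadows`, `wmic shadowcopy delete`) are the standard Windows utilities for these actions, assumed here because the article does not say which ones Snatch invokes.

```python
import re
from datetime import datetime, timedelta

# Constructed process-creation records: (host, ISO timestamp, command line).
# Not real telemetry; host names and times are made up for the example.
SAMPLE_EVENTS = [
    ("WS-014", "2024-03-02T01:12:05", r"C:\Windows\System32\bcdedit.exe /set {current} safeboot minimal"),
    ("WS-014", "2024-03-02T01:12:09", r"shutdown.exe /r /f /t 00"),
    ("WS-014", "2024-03-02T01:14:40", r"vssadmin.exe Delete Shadows /All /Quiet"),
    ("SRV-02", "2024-03-02T03:00:00", r"vssadmin.exe list shadows"),
    ("SRV-02", "2024-03-02T03:05:00", r"bcdedit.exe /enum"),
    ("WS-020", "2024-03-01T09:00:00", r"bcdedit /set {default} safeboot network"),
    ("WS-020", "2024-03-02T18:30:00", r"wmic shadowcopy delete"),
]

# Assumed indicators: standard Windows commands for setting the Safe Mode boot
# flag and for deleting shadow copies (not taken from the article).
RULES = {
    "safeboot_set": re.compile(r"\bbcdedit(?:\.exe)?\s.*?/set\s.*\bsafeboot\b", re.I),
    "shadow_delete": re.compile(
        r"\bvssadmin(?:\.exe)?\s+delete\s+shadows\b|\bwmic(?:\.exe)?\s.*\bshadowcopy\s+delete\b",
        re.I,
    ),
}

def classify(cmdline):
    """Return the names of all rules that the command line matches."""
    return [name for name, rx in RULES.items() if rx.search(cmdline)]

def correlate(events, window=timedelta(minutes=30)):
    """Map host -> severity. 'critical' when a Safe Mode boot flag change and a
    shadow copy deletion occur on the same host within `window`; 'review' when
    only one is seen or they are far apart. Hosts with no hits are omitted."""
    hits = {}
    for host, ts, cmd in events:
        for name in classify(cmd):
            hits.setdefault(host, []).append((datetime.fromisoformat(ts), name))
    alerts = {}
    for host, seen in hits.items():
        boots = [t for t, n in seen if n == "safeboot_set"]
        wipes = [t for t, n in seen if n == "shadow_delete"]
        paired = any(abs(w - b) <= window for b in boots for w in wipes)
        alerts[host] = "critical" if paired else "review"
    return alerts

if __name__ == "__main__":
    for host, severity in sorted(correlate(SAMPLE_EVENTS).items()):
        print(f"{host}: {severity}")
```

Either indicator alone has legitimate administrative uses, which is why the example raises the severity only when both appear on one host close together.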

How To Stay Safe From Snatch Ransomware

  • Priority #1: Get your security straightened out (DNS shields up!)
  • Priority #2: Spread the word and educate your users

To overcome this problem, it is essential to make a habit of backing up any critical information on the system and, if it is very sensitive, to keep it in an appropriate place. If you still face problems with Snatch ransomware hijacking Safe Mode to encrypt files, immediately refer to the system service center to resolve and fix the issue.

