Posted on December 10, 2019 at 5:45 PM
A ransomware strain is circulating that can get around the endpoint security software on an otherwise well-defended Windows 10 machine. Security researchers are still studying the malware to work out how to counter it. They also point out that the threat is not new, as some people may think.
It has been targeting businesses since 2018, and the variant now in circulation is known as Snatch. Researchers at Sophos say the malware has been updated so that it now runs on Windows 10 as well as earlier versions. That makes it a much harder problem to deal with, since Windows 10 is normally the most robust of the supported versions.
How the malware penetrates its host
Researchers have explained that the malware gets past the security software on Windows by forcing the machine to reboot immediately into Safe Mode. In Safe Mode most third-party endpoint protection, including antivirus and endpoint detection and response agents, does not run, so the ransomware can encrypt files without being stopped. SophosLabs warns that the risk the ransomware poses is very high and that it can do serious damage to a Windows system.
According to Andrew Brandt, principal researcher at Sophos, the company wants to alert everyone, and the rest of the cybersecurity industry in particular, to the technique. He tweeted that “Snatch” is evil and devious, and could cause heavy damage within any system it finds itself in.
Those behind the malware
Sophos reported that those behind the malware call themselves the Snatch Team on dark web message boards. So far the Sophos researchers have only seen this malware used against corporate networks. Consistent with that, the Snatch Team advertises on the same forums for affiliate partners, and is interested specifically in partners who can supply access to corporate networks where its tooling works.
By going after corporate networks rather than home users, the Snatch Team has so far kept a low profile and largely stayed out of sight.
Apart from encrypting files, which is the normal behaviour of ransomware, Snatch goes further with its extortion. Besides the Safe Mode reboot, the malware deletes all volume shadow copies, which would otherwise let the victim roll files back to an earlier version without paying. According to Sophos, this is where the malware is more dangerous than other families. Once the shadow copies are gone, the user has no way to recover the files from the machine itself; only an offline backup will do.
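The two behaviours described above (the Safe Mode reboot in the previous section and the shadow copy deletion here) both leave traces in process-creation telemetry, which is where a defender can catch them. On Windows, a program that wants to keep running in Safe Mode has to be registered under HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal (or \Network), the next boot is switched to Safe Mode with bcdedit /set ... safeboot minimal, the machine is then restarted, and shadow copies are removed with vssadmin delete shadows or wmic shadowcopy delete. The Python script below is an added example, not Sophos's code and not derived from a Snatch sample: it runs these detections over constructed, pipe-delimited process-creation records (the log format, host names, file names and rule names are all made up for the example) and only raises the critical alert when Safe Mode tampering is followed by a forced reboot on the same host within 15 minutes, so a routine reboot on its own does not fire.

```python
"""Detect Safe Mode tampering followed by a forced reboot, and shadow copy
deletion, in process-creation telemetry (Sysmon Event ID 1, EDR exports).

Added example, not Sophos's code and not taken from a Snatch sample. The
pipe-delimited format, host names, file names and rule names are assumptions.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed sample telemetry, not a real capture:
# timestamp|host|parent_image|image|command_line
SAMPLE_LOG = r"""
2019-12-09T22:41:03Z|FS01|C:\Windows\System32\services.exe|C:\Windows\System32\svchost.exe|svchost.exe -k netsvcs
2019-12-09T22:41:10Z|FS01|C:\Windows\Temp\upd.exe|C:\Windows\System32\reg.exe|reg add "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UpdSvc" /ve /t REG_SZ /d Service /f
2019-12-09T22:41:12Z|FS01|C:\Windows\Temp\upd.exe|C:\Windows\System32\bcdedit.exe|bcdedit /set {default} safeboot minimal
2019-12-09T22:41:13Z|FS01|C:\Windows\Temp\upd.exe|C:\Windows\System32\shutdown.exe|shutdown /r /f /t 0
2019-12-09T22:44:50Z|FS01|C:\Windows\Temp\upd.exe|C:\Windows\System32\vssadmin.exe|vssadmin delete shadows /all /quiet
2019-12-09T23:10:00Z|WS07|C:\Windows\explorer.exe|C:\Windows\System32\cmd.exe|cmd /c dir
2019-12-10T08:00:00Z|WS07|C:\Windows\System32\cmd.exe|C:\Windows\System32\shutdown.exe|shutdown /r /t 60
"""

# Each rule matches one command-line pattern used by the technique.
RULES = {
    # A service registered here is started by Windows in Safe Mode.
    "safeboot_service_registration": re.compile(r"\\SafeBoot\\(?:Minimal|Network)\\", re.I),
    # Switches the next boot into Safe Mode (minimal or networking).
    "safeboot_bcdedit": re.compile(r"bcdedit(?:\.exe)?\s+.*/set\b.*\bsafeboot\s+(?:minimal|network)", re.I),
    # Any restart request; benign on its own, so only used in correlation.
    "forced_reboot": re.compile(r"shutdown(?:\.exe)?\s+(?:.*\s)?[/-]r(?:\s|$)", re.I),
    # Volume shadow copy deletion via vssadmin, wmic or the WMI class.
    "shadow_copy_deletion": re.compile(
        r"vssadmin(?:\.exe)?\s+delete\s+shadows|wmic(?:\.exe)?\s+shadowcopy\s+delete|win32_shadowcopy", re.I),
}
SAFEBOOT_SETUP = {"safeboot_service_registration", "safeboot_bcdedit"}
REBOOT_WINDOW = timedelta(minutes=15)  # assumed correlation window


@dataclass
class Event:
    ts: datetime
    host: str
    parent: str
    image: str
    cmdline: str
    tags: list = field(default_factory=list)


@dataclass
class Alert:
    host: str
    severity: str
    rule: str
    evidence: list


def parse_log(text):
    """Parse the pipe-delimited records and tag each with the rules it matches."""
    events = []
    for raw in text.strip().splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        ts, host, parent, image, cmdline = line.split("|", 4)
        ev = Event(datetime.fromisoformat(ts.replace("Z", "+00:00")), host, parent, image, cmdline)
        ev.tags = [name for name, rx in RULES.items() if rx.search(cmdline)]
        events.append(ev)
    return events


def correlate(events):
    """Turn tagged events into per-host alerts."""
    by_host = defaultdict(list)
    for ev in events:
        by_host[ev.host].append(ev)
    alerts = []
    for host, evs in sorted(by_host.items()):
        evs.sort(key=lambda e: e.ts)
        setup = [e for e in evs if SAFEBOOT_SETUP & set(e.tags)]
        reboots = [e for e in evs if "forced_reboot" in e.tags]
        # Safe Mode tampering followed by a restart within the window is the
        # ransomware pattern; a reboot alone is routine administration.
        chain = [s for s in setup if any(s.ts <= r.ts <= s.ts + REBOOT_WINDOW for r in reboots)]
        if chain:
            first = chain[0]
            evidence = [e.cmdline for e in chain]
            evidence += [r.cmdline for r in reboots if first.ts <= r.ts <= first.ts + REBOOT_WINDOW]
            alerts.append(Alert(host, "critical", "safe_mode_reboot_chain", evidence))
        # Shadow copy deletion is high severity on its own: backups are being destroyed.
        for e in evs:
            if "shadow_copy_deletion" in e.tags:
                alerts.append(Alert(host, "high", "shadow_copy_deletion", [e.cmdline]))
    return alerts


def detect(log_text):
    return correlate(parse_log(log_text))


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(f"[{a.severity.upper()}] {a.host} {a.rule}")
        for line in a.evidence:
            print(f"    {line}")
```

The correlation is what keeps the false-positive rate down: bcdedit safeboot and shutdown /r each turn up in legitimate administration, but an executable in a temp directory writing a SafeBoot key and then rebooting the box within seconds is a ransomware signature. The same logic translates directly into a Sigma rule or an EDR query over Sysmon Event ID 1; it is also worth alerting on the registry write itself (Sysmon Event ID 13), since an attacker can set the SafeBoot key through the API without ever running reg.exe.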
The financial loss the threat causes could be huge, depending on how much data the attackers have stolen in addition to encrypting it. The threat actors could demand a ransom of around $35,000. The loss could be even greater if the attackers decide to sell the stolen data on dark web markets.
The main problem for victims is that Snatch runs on every current Windows version from Windows 7 through Windows 10. That versatility makes it hard to pin down and contain. Sophos says it is still possible to lower the risk posed by Snatch: organisations should not expose their RDP interface to the internet, since an internet-facing RDP service is the entry point the attackers use. Where remote access is needed, put RDP behind a VPN, require multi-factor authentication and enforce account lockout on failed logins.
Sophos also stated that for now the threat is targeting only corporate institutions. However, it could still shift and expand to individual users, in which case home Windows machines would face the same risk. Sophos said the threat is one of the most dangerous because it can cripple almost everything on a system.
Now that the technique is public, other threat actors can copy it and attack in the same pattern. So home users are not exempt either, because the campaign could spread to individual accounts. Sophos said they should be careful and keep up to date on the threat and on how to counter it if it reaches them.