There is currently a malicious software that is powerful and capable of bypassing Windows 10 usually reliable firewall. Security researchers are still studying this malware to annul the threat. Researchers have said the threat is not new, as some people may think.
It
has been targeting businesses since last year. But currently, it has a new
variation known as Snatch. However, Researchers at Sophos said the malware had
been updated to now have access to windows 10. This will be a huge obstacle to
deal with, as the Windows is very reliable.
Researchers have explained that the malware bypasses the Windows 10 security by forcing windows to reboot immediately into safe mode. The SophosLab has warned that the risk the ransomware poses is very high, adding that it could cause a lot of harm in the Windows system.
According to the Chief researcher at Sophos, Andrew Brandt, the research company is poised to alert everyone and others in the cybersecurity industry. He tweeted that “Snatch” is evil and devious, and could cause heavy damage within any system it finds itself.
Sophos
reported that those who are behind the malware call
themselves the Snatch Team on dark web message boards. For now, the Sophos
researchers have only seen the activities of this malware on corporate
networks. To confirm the modus operandi, this Snatch team are advertising for
affiliate partners on the dark web forums. They are only interested in systems
that would be only susceptible to the type of program the malware runs.
The
Snatch Team has been able to hide from detection by exploiting only corporate
entities instead of private users.
Apart from encrypting files, which is the normal behaviour of ransomware, Snatch pushes further with its exploitation and threats. Apart from the safe mode reboot, the malware erases all shadow copies, which would be needed to carry out a forensic recovery. According to Sophos, that’s the area where the malware is more dangerous than other types of malware . After deleting the files, it gives the user no chance to recover the files ever again.
The
financial loss the threat causes could be huge, depending on the amount of data
the hacker has stolen. The threat actors could demand a ransom of around $35,000.
However, this amount could even be more is the hacker decides to sell the data
in the open dark market.
The
main problem for the victims is the fact that Snatch could run on almost all
types of new windows version from Windows 7. The versatility of the malware
makes it very difficult to follow and target. Sophos has recommended that it’s
still possible to lower the risk posed by Snatch. He said that the organization
should not expose their RDP interface to the internet. According to him, that’s
where the Windows system can remain vulnerable.
Sophos also stated that for now, the threat is only targeting the corporate institution. However, it could still shift and expand to individual accounts. If this happens, it could leave a lot of Microsoft office product to be vulnerable. Sophos said the threat is one of the most dangerous as it can cripple almost everything in the system.
Since
the threat technology is now known, other threat actors can follow suit and
attack in a similar pattern. So, home users are not exempted from the threat
because it could spread to individual accounts. Sophos said they should be
careful and have first-hand updates on the threat and how to nullify it when it
eventually happens.
cvv2su hacksellercom
