Joint Advisory Warns of Snatch Ransomware

Robinson+Cole Data Privacy + Security Insider

The FBI and CISA issued a Joint Cybersecurity Advisory “#StopRansomware: Snatch Ransomware” on September 20, 2023. The Advisory outlines the indicators of compromise and observed tactics, techniques, and procedures of Snatch so organizations can identify, mitigate, and respond to an attack using the Snatch ransomware variant.

Snatch has been hitting the Defense Industrial Base (DIB), Food and Agriculture, and Information Technology sectors. “Snatch threat actors conduct ransomware operations involving data exfiltration and double extortion. After data exfiltration often involving direct communications with victims demanding ransom, Snatch threat actors may threaten victims with double extortion, where the victims’ data will be posted on Snatch’s extortion blog if the ransom goes unpaid.”

The malicious email domains used by Snatch are: sezname[.]cz; cock[.]li; and airmail[.]cc. The legitimate email domains used by Snatch are: tutanota[.]com / tutamail[.]com / tuta[.]io; mail[.]fr; keemail[.]me; protonmail[.]com / proton[.]me; and swisscows[.]email.

FBI and CISA provide recommendations to mitigate a Snatch attack, including:

  1. Secure and closely monitor Remote Desktop Protocol (RDP).
  2. Maintain offline backups of data.
  3. Enable and enforce phishing-resistant multifactor authentication (MFA).
