FBI and CISA issue warning about dangerous new ransomware strain

News
By published

Snatch ransomware activity is on the rise, businesses warned

ID theft
Image credit: Pixabay (Image credit: Future)

The U.S. Cybersecurity and Infrastructure Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued a security advisory warning organizations about the Snatch ransomware operation.

The advisory is part of the pairs #StopRansomware campaign, in which the two detail the tactics, techniques, and procedures (TTP), as well as indicators of compromise (IOC), of currently active and disruptive ransomware operations, in hopes of helping organizations protect against the threats a little better. 

Even though Snatch first appeared sometime in 2018, the data the two organizations provide is relatively new, with some investigation data dating in early June this year. As per the advisory, Snatch is a ransomware-as-a-service model, by which different threat actor groups rent out the encryptor, and the infrastructure, in order to run ransomware campaigns.

Evolution in tactics

While Snatch threat actors kept “consistently” evolving their threat tactics, the advisory reads, they kept in line with what the majority did - they exfiltrated and encrypted sensitive data, then demanded payment in exchange for the decryption key, and in exchange for not leaking the data on the dark web. 

“FBI and CISA encourage organizations to implement the recommendations in the Mitigations section of this CSA to reduce the likelihood and impact of ransomware incidents,” the two said.

Back in December 2019, Snatch ransomware was found rebooting infected computers into Safe Mode, to bypass security solutions. This version was discovered by security researchers from the Sophos Managed Threat Response team and SophosLabs, which said that no security tools work in Safe Mode, allowing Snatch to encrypt the files unabated. 

In a report on SiliconANGLE, it was said that more recent Snatch victims include the Florida Department of Veteran’s Affairs, Zilli, CEFCO Inc., the South African Department of Defense and the Briars Group Ltd.

Michael Mumcuoglu, co-founder and chief executive of posture management company CardinalOps Ltd., told the same publication that Snatch’s operators were more active over the past year and a half. 

Via Infosecurity Magazine

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
data recovery
Ghost ransomware has hit firms in over 70 countries, FBI and CISA warn
Code Skull
US government warns Medusa ransomware has hit hundreds of critical infrastructure targets
Code Skull
This dangerous new ransomware is hitting Windows, ARM, ESXi systems
Lock on Laptop Screen
Medusa ransomware is able to disable anti-malware tools, so be on your guard
A person at a laptop with a cybersecure lock symbol floating above it.
Hackers are still using old Ivanti bugs to break into networks
An American flag flying outside the US Capitol building against a blue sky
US military and defense contractors hit with Infostealer malware
Latest in Security
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
URL phishing
HaveIBeenPwned owner suffers phishing attack that stole his Mailchimp mailing list
Ransomware
Cl0p resurgence drives ransomware attacks to new highs in 2025
cybersecurity
Chinese government hackers allegedly spent years undetected in foreign phone networks
Data leak
A major Keenetic router data leak could put a million households at risk
Code Skull
Interpol operation arrests 300 suspects linked to African cybercrime rings
Latest in News
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
Microsoft Surface Laptop and Surface Pro devices on a table.
Hate Windows 11’s search? Microsoft is fixing it with AI, and that almost makes me want to buy a Copilot+ PC
Oura Ring 4
Activity tracking on Oura Ring is about to get a whole lot better, but I've got bad news about your step count
Google Pixel Buds Pro 2
Cleaned your Pixel Buds Pro 2 recently? If not, you might be getting worse sound
Google Maps on a phone being held in someone's hand
Google Maps is getting two key upgrades, for easier route planning and quicker access to Gemini AI
URL phishing
HaveIBeenPwned owner suffers phishing attack that stole his Mailchimp mailing list
More about security
URL phishing

HaveIBeenPwned owner suffers phishing attack that stole his Mailchimp mailing list
Ransomware

Cl0p resurgence drives ransomware attacks to new highs in 2025
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.

Broadcom warns of worrying security flaws affecting VMware tools
See more latest
Most Popular
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
Apple Music on a tablet, showing a new Listening Guide feature
Apple Music Classical just got 3 excellent perks in its biggest upgrade since launch
Google Pixel Buds Pro 2
Cleaned your Pixel Buds Pro 2 recently? If not, you might be getting worse sound
Quick move in Civ 7.
Sid Meier's Civilization 7 update 1.1.1 is here and it finally adds a setting that I've wanted since day one
A green claw wraps around the carcass of a monster
Is Lagiacrus coming to Monster Hunter Wilds? Some fans are convinced, and here's why
Gemini on a smartphone.
Gemini 2.5 is now available for Advanced users and it seriously improves Google’s AI reasoning
Microsoft Surface Laptop and Surface Pro devices on a table.
Hate Windows 11’s search? Microsoft is fixing it with AI, and that almost makes me want to buy a Copilot+ PC
Google Maps on a phone being held in someone's hand
Google Maps is getting two key upgrades, for easier route planning and quicker access to Gemini AI
Android Auto
Android Auto 14.0 is rolling out now – and it'll soon swap Google Assistant for the smarter Gemini
Oura Ring 4
Activity tracking on Oura Ring is about to get a whole lot better, but I've got bad news about your step count