September 22, 2023
Bypassing security controls, such as EDR, is a common goal for malware. Malware, including ransomware, that succeeds at this can often run its attack to completion. Snatch is no different. This ransomware attempts to bypass security controls by putting a Windows computer into safe mode, where many security processes are disabled, before starting its file encryption routine. It is recommended that you disable write access to the registry key that toggles safe mode on and off. This mitigation can make it harder for Snatch to bootstrap its attack.
July 25, 2024