September 20, 2023

Snatch Ransomware Targeting Wide Range of Infrastructure

September 20, 2023

What we know so far

Since its emergence in 2018, Snatch has been operating as a ransomware-as-a-service (RaaS) model, targeting victims in the U.S. by 2019. Originally known as Team Truniger, the group utilizes a customized ransomware variant that can evade antivirus and endpoint protection by rebooting devices into Safe Mode before encrypting files. Notably, Snatch threat actors have been observed purchasing stolen data from other ransomware variants to pressure victims into paying ransoms. Despite claims to the contrary, an extortion blog operating under the name Snatch has been associated with confirmed Snatch victims' data, along with victims from other ransomware groups like Nokoyawa and Conti since August 2023.

Arrow Right

Schedule a test

Subscribe to advisory alerts

Be immediately notified of new advisories and associated security tests

More advisories