Bypassing security controls, such as EDR, is a common goal for malware. Malware, including ransomware, that achieves this can often run an attack to completion. Snatch is no different. This ransomware attempts to bypass security controls by putting a Windows computer into safe mode, where many security processes are disabled, before starting its file encryption routine. It is recommended that you disable write access to the registry key that toggles safe mode on and off. This mitigation can make it harder for Snatch to bootstrap its attack.
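
As a starting point for the mitigation above, this added example (not from the original page) is a read-only PowerShell audit that lists which principals currently hold write-type rights on a registry key. The page does not name the key, so `$KeyPath` must be supplied by the operator; the function name `Get-RegistryWriteAccess` and the `$Expected` baseline of principals are assumptions.

```powershell
# Added example: read-only audit of write access on a registry key.
# Assumptions: the key path is supplied by the operator (the page does not name it),
# and $Expected is a baseline of principals that normally keep write access.
function Get-RegistryWriteAccess {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$KeyPath,
        [string[]]$Expected = @(
            'NT AUTHORITY\SYSTEM',
            'BUILTIN\Administrators',
            'NT SERVICE\TrustedInstaller'
        )
    )

    if (-not (Test-Path -LiteralPath $KeyPath)) {
        throw "Registry key not found: $KeyPath"
    }

    # Rights that let a principal change values or subkeys, or rewrite the ACL or owner.
    $specific = [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'
    # Registry ACEs can also carry generic access bits, which the enum does not name.
    $genericWrite = 0x40000000
    $genericAll   = 0x10000000
    $writeMask = [int]$specific -bor $genericWrite -bor $genericAll

    $acl = Get-Acl -LiteralPath $KeyPath
    foreach ($ace in $acl.Access) {
        # Deny entries restrict access; only Allow entries grant write rights.
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if (([int]$ace.RegistryRights -band $writeMask) -eq 0) { continue }

        $identity = $ace.IdentityReference.Value
        [pscustomobject]@{
            Key        = $KeyPath
            Identity   = $identity
            Rights     = $ace.RegistryRights
            Inherited  = $ace.IsInherited
            Unexpected = $Expected -notcontains $identity
        }
    }
}

# Usage (placeholder path, replace with the key named in your hardening guidance):
# Get-RegistryWriteAccess -KeyPath 'HKLM:\<key that controls safe mode>' |
#     Where-Object Unexpected | Format-Table -AutoSize
```

Rows with `Inherited` set to true get their rights from a parent key, so tightening them means changing the parent's ACL or breaking inheritance on the audited key.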