A dangerous piece of ransomware called Snatch is making the rounds. Surprisingly, Snatch reportedly takes advantage of Safe Mode in Microsoft Windows to prevent targeted computers from running antivirus software. Windows Safe Mode is a safety feature that helps users troubleshoot problems by rebooting their PC in a safer environment. Safe Mode loads only the most basic software, drivers and services that come with Windows and disables all additional programs. As a side effect, the victim’s antivirus software does not load either.
What is Snatch?
Snatch, discovered by Michael Gillespie, is a high-risk piece of ransomware. It encrypts data on PCs and extorts users into paying a ransom to unlock it. The infection leaves a ransom message in a text file named “Readme_Restore_Files”. It also renames encrypted files by appending its own extension, “.snatch”.
The British computer security company Sophos found that Snatch can function even in Safe Mode. It then encrypts the victim’s hard drive to force the user to pay the ransom to regain access to the drive.
Keeping your Data from Getting Snatched
Sophos offered tips to protect computers against the Snatch ransomware:
First, organizations should not expose the Remote Desktop interface to the unprotected internet. All internet-facing remote access programs or tools could be huge risks if users leave them unwatched and unattended.
Second, organizations should use multi-factor authentication for administrators to make it more difficult for attackers to breach their accounts.
Third, companies should do a thorough inventory check of all devices and search their network for threats.
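As a starting point for that search, the following added example (not code from Sophos or from the original article) sweeps a directory tree or file share for the two file indicators named above: the “.snatch” extension and the “Readme_Restore_Files” note. The function names and the two labels it reports are this example's own choices.

```python
"""Added example: sweep a directory tree for the two Snatch file indicators the article names."""
import os
import sys
from collections import defaultdict
from pathlib import Path

ENCRYPTED_SUFFIX = ".snatch"        # extension appended to encrypted files (from the article)
NOTE_STEM = "readme_restore_files"  # ransom note name (from the article), matched case-insensitively


def scan(root):
    """Return ({directory: {"encrypted": [...], "notes": [...]}}, [unreadable directories])."""
    hits = defaultdict(lambda: {"encrypted": [], "notes": []})
    unreadable = []
    # onerror records directories that could not be listed instead of silently skipping them
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: unreadable.append(e.filename)):
        for name in files:
            p = Path(name)
            if p.suffix.lower() == ENCRYPTED_SUFFIX:
                hits[dirpath]["encrypted"].append(name)
            elif p.stem.lower() == NOTE_STEM:  # matches with or without a .txt extension
                hits[dirpath]["notes"].append(name)
    return dict(hits), unreadable


def classify(entry):
    """A note beside renamed files is a strong signal; a single indicator is a lead to review."""
    if entry["encrypted"] and entry["notes"]:
        return "likely-encrypted"
    return "review"


def original_name(encrypted_name):
    """The extension is appended, so the pre-encryption name is everything before it."""
    return encrypted_name[: -len(ENCRYPTED_SUFFIX)]


if __name__ == "__main__":
    found, unreadable = scan(sys.argv[1] if len(sys.argv) > 1 else ".")
    for d, entry in sorted(found.items()):
        print(f"{classify(entry):17} {d}  encrypted={len(entry['encrypted'])} notes={len(entry['notes'])}")
    for d in unreadable:
        print(f"{'unreadable':17} {d}")
```

Pass the root of the share or volume as the first argument. Directories listed as unreadable were not checked and need a second pass with sufficient permissions.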