FBI and CISA Issue Advisory on Snatch Ransomware Targeting Critical Infrastructure Sectors

In a joint cybersecurity advisory, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have raised an alarm regarding the activities of Snatch, a notorious ransomware-as-a-service (RaaS) operation that has been wreaking havoc since at least 2018. The advisory warns that Snatch has escalated its attacks on critical infrastructure sectors, particularly focusing on the IT sector, the U.S. defense industrial base, and the food and agriculture vertical. Snatch’s evolving tactics, use of stolen data, and unique features have made it a significant threat to organizations across North America. Let’s delve into the details of this nefarious ransomware and the measures organizations can take to protect themselves.

Overview of Snatch Ransomware-as-a-Service (RaaS) Operation

Since its emergence in 2018, Snatch has become one of the most prominent ransomware-as-a-service operations in the cybercriminal landscape. With its sophisticated infrastructure and extensive network of affiliates, Snatch offers ransomware capabilities to other threat actors, enabling them to launch ransomware attacks more effectively.

Warning about Snatch Targeting Critical Infrastructure Sectors

The FBI and CISA advisory highlights the increasing threats posed by Snatch to critical infrastructure sectors. These sectors, which are the backbone of nations’ economies, are particularly attractive targets for ransomware operators seeking financial gain or potential disruption.

Evolution of Snatch’s tactics and usage of stolen data

Snatch has adapted its tactics over time, leveraging stolen data from other ransomware variants to exploit victims into paying the ransom. This not only increases the credibility of their threats but also raises concerns about the potential sale or public leak of sensitive information if the ransom demands are not met.

Snatch’s Unique Capability: Forcing Systems into Safe Mode

One of the most notable capabilities of Snatch is its ability to force Windows systems to reboot into Safe Mode. By doing so, this insidious malware can encrypt files undetected by traditional antivirus tools, as Safe Mode limits the number of running Windows services.

Safe Mode Evasion and File Encryption

Snatch’s ability to operate in Safe Mode allows it to circumvent endpoint security controls and encrypt files without detection. This stealthy approach poses a significant challenge for organizations relying solely on traditional antivirus solutions for protection.

Exfiltration of Data and Threats of Public Leak

Ransomware operators go beyond encryption and have been known to exfiltrate sensitive data from victim organizations. They threaten to publicly release or sell this data unless the ransom is paid promptly. Such extortion tactics increase the pressure on victims to comply with their demands.

Targeting weaknesses in Remote Desktop Protocol (RDP) and stolen credentials

Snatch gains initial network access by exploiting weaknesses in the Remote Desktop Protocol (RDP). Additionally, the operators have adopted the use of stolen or purchased credentials to infiltrate target networks. This combination allows them to move freely within compromised infrastructures.

Prolonged reconnaissance and use of legitimate and malicious tools

Once inside a network, Snatch operators engage in a thorough reconnaissance phase, spending months searching for specific files and folders to target. They employ a combination of both legitimate and malicious tools to achieve their objectives, making detection and mitigation challenging.

Recent signs of renewed activity and indicator alignment

Although Snatch’s activity has shown some signs of waning, recent observations indicate a limited resurgence. The indicators of compromise identified by cybersecurity experts align with those highlighted in the FBI and CISA advisory, emphasizing the importance of remaining vigilant and implementing robust security measures.

Snatch’s primary focus is on North American organizations

In the past year, Snatch’s attacks have primarily targeted North American organizations, with a staggering 70 attacks documented between July 2022 and June 2023. This regional focus underscores the need for heightened cybersecurity preparedness and response measures within this jurisdiction.

The FBI and CISA advisory serves as a critical reminder for organizations to remain proactive in their cybersecurity efforts, especially in the face of evolving ransomware threats like Snatch. It is imperative for organizations to prioritize comprehensive security measures, including implementing strong network defenses, patching vulnerabilities, regularly backing up critical data, and training employees to recognize and mitigate phishing attacks. By fortifying their cyber defenses, organizations can mitigate the risk of falling victim to Snatch and other ransomware operations, safeguarding not only their sensitive data but also the critical infrastructure sectors that underpin economies and society at large.

Explore more

How Is AI Revolutionizing Email Marketing Strategies?

Setting the Stage for Digital Communication Evolution In today’s hyper-connected digital landscape, businesses send billions of emails daily, yet only a fraction capture attention amid overflowing inboxes, pushing marketers to seek innovative solutions. Artificial Intelligence (AI) has emerged as a game-changer in transforming email marketing from a generic broadcast tool into a precision-driven strategy. With the ability to analyze vast

How Is Embedded Finance Transforming UK Brand Experiences?

Imagine a world where purchasing a new gadget at a retail store instantly offers tailored financing options right at checkout, or where booking a vacation seamlessly includes travel insurance within the same app. This is the reality shaped by embedded finance, a transformative technology integrating financial services into non-financial platforms. As digital ecosystems continue to dominate consumer interactions in 2025,

Paid Content Marketing Triumphs in the AI Era over Earned Media

In the rapidly changing arena of digital marketing, a profound transformation is reshaping how brands connect with audiences, marking a significant shift in strategy. Once a dominant force, earned media—those organic news features or viral social media moments—has been dethroned as the go-to strategy for growth among businesses, musicians, and creators. Now, paid content marketing has surged to the forefront,

Job Openings Drop in July, Yet Hiring Remains Strong

Overview of the U.S. Labor Market In the heat of summer, as businesses and workers navigate an ever-shifting economic landscape, a striking statistic emerges from the U.S. labor market: job openings have dipped to 7.2 million in July, down from 7.4 million just a month prior, raising eyebrows especially when juxtaposed with the robust hiring figures of 5.3 million for

Trend Analysis: Cooling US Labor Market Dynamics

Introduction In a startling reflection of economic headwinds, US private sector job growth plummeted to a mere 54,000 in August, nearly half of the previous month’s tally of 106,000, signaling a profound slowdown in labor market momentum. This sharp decline arrives at a critical juncture, with economic uncertainty casting a long shadow, policy debates intensifying, and political figures like President