Threat Landscape Dashboard

Assessing today's threats and the relationships between them

Snatch - Ransomware

Snatch ransomware has been identified using brute-force tactics over RDP to gain access to Domain Administrator accounts. Once an account is compromised, a reverse shell is set up on a Domain Controller to maintain persistence and allow the encryption of domain-joined machines. Additionally, in an attempt to evade detection, the ransomware reboots the machine into safe mode before encrypting the device.
Name | Modified Date | Sources
Snatch - Ransomware | 2020-07-15 |