FBI, CISA: Snatch Ransomware Group Improving Cybercrime Tactics
A joint advisory released by the FBI and the Cybersecurity and Infrastructure Security Agency warns critical infrastructure sectors of the Snatch ransomware gang’s evolving tactics to compromise systems and steal sensitive data.
According to the advisory, the five-year-old group refines its malicious software using lessons learned from successful ransomware operations and mainly targets the defense industrial base, food and agriculture, and information technology sectors.
Snatch is known to demand two ransom payments, one for decrypting data and the other for preventing stolen data from being sold or posted online, Defense One reported.
The advisory also noted that Snatch purchases data that other ransomware groups have exfiltrated, in order to secure ransom payments from victims.
The FBI and CISA advised organizations to secure and monitor their use of Remote Desktop Protocol (RDP), since the ransomware group relies on exploiting RDP vulnerabilities to gain administrator credentials for victims’ networks.
Other recommendations include auditing remote access tools, employing phishing-resistant multifactor authentication and maintaining offline data backups.