"Snatch Ransomware Reboots Machines In Safe Mode to Bypass Endpoint Protection"
The Sophos Managed Threat Response (MTR) team discovered a sample of Snatch ransomware while investigating a ransomware infection on an organization's network. Further analysis of the new strain of Snatch ransomware revealed that it evades security tools by rebooting infected machines in Safe Mode. This technique allows the ransomware to encrypt victims' files more effectively, since most security solutions are automatically disabled in Safe Mode. Snatch is just one of a few ransomware strains that have recently adopted such evasive techniques. Comodo discovered samples of ShurLOckr ransomware circumventing the security screenings performed by Google Drive and Microsoft 365 to infiltrate the cloud and infect users of an organization's cloud platform. This article continues to discuss the Snatch ransomware, the increase in evasive ransomware, and how security professionals can defend against such ransomware.