Cyber360 News

This Malware Reboots Windows PCs In Safe Mode To Bypass Antivirus

by Cyber360 News
December 10, 2019
in Security

A research team from SophosLabs and Sophos Managed Threat Response (SMTR) has come across a ransomware strain dubbed Snatch that reboots Windows PCs into Safe Mode before starting encryption. According to the researchers, this behavior has never been seen before, and the likely reason Snatch reboots PCs mid-attack is to evade the antivirus apps installed on infected computers.

The authors behind Snatch know very well that most antivirus apps are ineffective in Windows Safe Mode as the mode only allows essential system programs and services to run during boot.

Snatch ransomware uses a Windows registry key to schedule the encryption process, which makes it impossible for antivirus to catch it or stop the encryption.

But the most dangerous aspect of the attack is this: Snatch sets itself up as a service that will run even during a Safe Mode reboot, then reboots the box into Safe Mode. This effectively neuters the active protection of many endpoint security tools. Devious! and evil. pic.twitter.com/lqCxhxwg4y

— Andrew Brandt (@threatresearch) December 9, 2019

Snatch ransomware was spotted a year ago by security researchers and the new technique to avoid antivirus apps by rebooting PCs in safe mode is a recently added feature.
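On Windows, the services allowed to start in Safe Mode are listed under the `Control\SafeBoot\Minimal` and `Control\SafeBoot\Network` registry keys, so a defender can alert on a new entry there and on the boot configuration being switched to Safe Mode. The sketch below is an added example, not code from Sophos or from this article; the event field names, the baseline list and the sample events are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Entries expected under SafeBoot on a clean image (assumed baseline; build your own).
BASELINE = {"appmgmt", "base", "cryptsvc", "eventlog", "rpcss"}
SAFEBOOT_KEY = re.compile(r"\\Control\\SafeBoot\\(Minimal|Network)\\([^\\]+)", re.I)
SAFEBOOT_CMD = re.compile(r"\bbcdedit(\.exe)?\b.*\bsafeboot\b", re.I)
WINDOW = timedelta(minutes=30)  # correlation window (assumed value)

def classify(event):
    """Return (signal, detail) for one event, or None if it is not of interest."""
    if event["type"] == "registry_set":
        m = SAFEBOOT_KEY.search(event["target"])
        if m and m.group(2).lower() not in BASELINE:
            return ("safeboot_entry_added", m.group(2))
    elif event["type"] == "process_create":
        if SAFEBOOT_CMD.search(event["command_line"]):
            return ("safeboot_boot_flag_set", event["command_line"])
    return None

def detect(events):
    """Emit alerts; escalate when one host shows both signals within WINDOW."""
    alerts, seen = [], {}
    for ev in sorted(events, key=lambda e: e["time"]):
        hit = classify(ev)
        if not hit:
            continue
        signal, detail = hit
        other = ({"safeboot_entry_added", "safeboot_boot_flag_set"} - {signal}).pop()
        prev = seen.get((ev["host"], other))
        severity = "high" if prev and ev["time"] - prev <= WINDOW else "medium"
        seen[(ev["host"], signal)] = ev["time"]
        alerts.append({"host": ev["host"], "signal": signal,
                       "detail": detail, "severity": severity})
    return alerts

# Constructed sample events (hypothetical hosts and service name, not from the report).
SAMPLE = [
    {"time": datetime(2019, 12, 9, 10, 0), "host": "ws-01", "type": "registry_set",
     "target": r"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ExampleSvc"},
    {"time": datetime(2019, 12, 9, 10, 2), "host": "ws-01", "type": "process_create",
     "command_line": "bcdedit.exe /set {current} safeboot minimal"},
    {"time": datetime(2019, 12, 9, 11, 0), "host": "ws-02", "type": "registry_set",
     "target": r"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc"},
    {"time": datetime(2019, 12, 9, 11, 5), "host": "ws-03", "type": "process_create",
     "command_line": "bcdedit /enum"},
]
```

Either signal alone is rated medium because administrators occasionally do both legitimately; the pair on one host within the window is what warrants immediate response.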

The malware in question bundles a ransomware component, a data stealer, a Cobalt Strike reverse shell and many publicly available tools (not inherently harmful) that are used by administrators and penetration testers.

Andrew Brandt of the Sophos research team says, “SophosLabs feels that the severity of the risk posed by ransomware which runs in Safe Mode cannot be overstated, and that we needed to publish this information as a warning to the rest of the security industry, as well as to end users.”

Snatch ransomware did not gain popularity because the authors behind it, or Snatch Team, never intended to target home users and general users. They carefully targeted private companies and government organizations. This technique is called “big-game hunting” in the cybersecurity realm, and groups that adopt it want to extract a large ransom from big corporations or government organizations rather than collect small ransom amounts.

In its report, Sophos mentions that organizations must use strong passwords and multi-factor authentication for the services and ports that are exposed to the internet.
