Joint FBI and CISA advisory warns of Snatch ransomware operation

The U.S. Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency today released a joint Cybersecurity Advisory warning of the Snatch ransomware operation.

Snatch first appeared in 2018 and operates on a ransomware-as-a-service model. Ransomware as a service is a cybercriminal business model in which ransomware operators develop and provide ransomware to affiliates, who pay to use it to launch ransomware attacks. The first known victim in the U.S. of a Snatch ransomware attack was ASP.NET hosting provider SmarterASP.NET in 2019.

The joint advisory has been released to disseminate known ransomware indicators of compromise and tactics, techniques and procedures associated with Snatch ransomware identified through FBI investigations as recently as June 1, 2023.

Snatch threat actors are said to be consistently evolving their tactics to take advantage of current trends in the cybercriminal space and have leveraged the successes of other ransomware operations. Affiliates using Snatch have targeted critical infrastructure sectors, including companies and organizations in the defense, food and agriculture and information technology sectors.

Snatch dark web site

Like many ransomware actors over the last few years, Snatch operates on a so-called double-extortion basis, both encrypting data and stealing it – demanding that a ransom be paid not only for a decryption key but also for a promise that the stolen data will not be published on Snatch’s dark web site.

Recent victims of Snatch ransomware attacks, as listed on their dark web site (pictured), include the Florida Department of Veteran’s Affairs, Zilli, CEFCO Inc., the South African Department of Defense and the Briars Group Ltd.

Discussing the advisory, Michael Mumcuoglu, chief executive officer and co-founder of posture management company CardinalOps Ltd., told SiliconANGLE that there has been increased activity by the Snatch ransomware group over the last 12-18 months as they have claimed responsibility for several recent high-profile attacks.

“A unique tactic used by the Snatch ransomware group leverages ‘stealthy malware’ that takes advantage of the fact that many Windows computers do not…