
'.snatch File Extension' Ransomware

Posted: January 4, 2019

The '.snatch File Extension' Ransomware is a file-locker Trojan that can block data by encrypting it. Encrypted files are renamed so that this threat's extension is appended after their original extension, and they must be decrypted before they can open again. Have anti-malware products protect your computer by removing the '.snatch File Extension' Ransomware immediately and, if available, restore your work from a backup.

A Trojan Ducking Under the Sword of Islam

Saudi Arabia, which is rarely a priority target for file-locker Trojans' campaigns, is becoming a new region of interest to at least one threat actor or team. The file-locker Trojan, currently under the label of the '.snatch File Extension' Ransomware, is also unique for its preferred operating system: Mac-brand environments like OS X, instead of Windows or even Linux. While these parts of its campaign are relatively uncommon, malware experts are finding that the '.snatch File Extension' Ransomware's other attacks are standard for a threat of its classification.

The '.snatch File Extension' Ransomware's infection strategies call for more investigation, but victims are posting reports of its being out in the wild as of the start of 2019. If it's using exploits similar to those of other file-locker Trojans, its authors may be brute-forcing a business network's logins or sending spam-based email attacks to the employees. Torrents and malvertising (or corrupted advertisements) are other techniques in use for file-locker Trojans of different families.

The compromise of the PC lets the '.snatch File Extension' Ransomware search all drives and directories for media files to encrypt, such as text documents, gallery images or pictures, music clips, or compressed archives. Besides blocking the media in this fashion (using an algorithm that malware experts have yet to confirm, although AES is a likely option), the '.snatch File Extension' Ransomware also changes their names with the addition of its extension and creates a ransom message with little information other than the threat actor's e-mail.

Snatching Back the Files that Belong to You

While its only victims are residents of Saudi Arabia, the '.snatch File Extension' Ransomware could be equally suitable for harming files elsewhere around the world. Most file-locker Trojans' campaigns don't isolate their victims via geography, although there are notable exceptions, such as the Scarab Ransomware family. All PC users should defend their files appropriately by saving backups of them onto a spare storage device or second computer.
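The renaming behavior and the backup advice described above combine into a quick triage step. The following Python script is an added example, not code from the original page: it lists files carrying the appended extension, recovers each original name, and checks whether a copy exists in a backup tree. The directory layout, function names and sample files are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

MARKER = ".snatch"  # appended extension, as named on this page

def find_marked(root, marker=MARKER):
    """Return [(original relative path, mtime)] for marked files, oldest first."""
    root, hits = Path(root), []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            # The extension is appended, not substituted:
            # report.docx becomes report.docx.snatch
            if name.lower().endswith(marker) and len(name) > len(marker):
                full = Path(dirpath) / name
                original = full.with_name(name[: -len(marker)]).relative_to(root)
                hits.append((original, full.stat().st_mtime))
    return sorted(hits, key=lambda h: h[1])

def triage(root, backup_root, marker=MARKER):
    """Summarize affected files and which originals still exist in a backup tree."""
    hits = find_marked(root, marker)
    names = sorted(o.as_posix() for o, _ in hits)
    restorable = [n for n in names if (Path(backup_root) / n).is_file()]
    return {
        "affected": len(names),
        # Assumption: mtime of a marked file approximates when it was written
        "window": (hits[0][1], hits[-1][1]) if hits else None,
        "restorable": restorable,
        "no_backup": [n for n in names if n not in restorable],
    }

def make_sample(base):
    """Build a constructed live tree and backup tree under base (hypothetical layout)."""
    live, backup = Path(base) / "live", Path(base) / "backup"
    for rel in ("docs/report.docx.snatch", "docs/notes.txt",
                "pics/a.jpg.snatch", "pics/b.PNG.SNATCH"):
        (live / rel).parent.mkdir(parents=True, exist_ok=True)
        (live / rel).write_bytes(b"constructed placeholder")
    for rel in ("docs/report.docx", "docs/notes.txt", "pics/a.jpg"):
        (backup / rel).parent.mkdir(parents=True, exist_ok=True)
        (backup / rel).write_bytes(b"constructed original")
    return live, backup

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(triage(*make_sample(tmp)))
```

The script only reads file names and timestamps, so it can run against a mounted copy of an affected volume without modifying it.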

Users should avoid network passwords and other login credentials that could be at risk against a brute-force attack, which can cycle through default and widely-used combinations rapidly. They can also keep their PCs safe by scanning downloads, especially e-mail attachments, which malware analysts note as playing roles in many file-locker Trojans' campaigns. Having a strong anti-malware program for deleting the '.snatch File Extension' Ransomware or preempting its installation exploit is also preferable as a final defense and cleanup mechanism.

What kind of reward the '.snatch File Extension' Ransomware is snatching from its victims is questionable. What's not vague, however, is that there's no advantage in failing to copy your work somewhere that a Trojan can't attack, even on a Macintosh machine.
