Security News > 2019 > December > Snatch Ransomware Reboots Windows in Safe Mode to Bypass Antivirus
2019-12-10 01:28
Cybersecurity researchers have spotted a new variant of the Snatch ransomware that first reboots infected Windows computers into Safe Mode and only then encrypts victims' files to avoid antivirus detection. Unlike traditional malware, the new Snatch ransomware chooses to run in Safe Mode because in the diagnostic mode Windows operating system starts with a minimal set of drivers and services
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/LssGEaMdxvY/snatch-ransomware-safe-mode.html
Related news
- MFA bypass becomes a critical security issue as ransomware tactics advance (source)
- JPCERT shares Windows Event Log tips to detect ransomware attacks (source)
- Use Windows event logs for ransomware investigations, JPCERT/CC advises (source)
- New Windows Driver Signature bypass allows kernel rootkit installs (source)