Security News > 2019 > December > Snatch Ransomware Reboots Windows in Safe Mode to Bypass Antivirus
2019-12-10 01:28
Cybersecurity researchers have spotted a new variant of the Snatch ransomware that first reboots infected Windows computers into Safe Mode and only then encrypts victims' files to avoid antivirus detection. Unlike traditional malware, the new Snatch ransomware chooses to run in Safe Mode because in the diagnostic mode Windows operating system starts with a minimal set of drivers and services
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/LssGEaMdxvY/snatch-ransomware-safe-mode.html
Related news
- Black Basta ransomware gang linked to Windows zero-day attacks (source)
- Black Basta Ransomware May Have Exploited MS Windows Zero-Day Flaw (source)
- Ransomware crew may have exploited Windows make-me-admin bug as a zero-day (source)
- CISA warns of Windows bug exploited in ransomware attacks (source)
- New Eldorado ransomware targets Windows, VMware ESXi VMs (source)
- New Ransomware-as-a-Service 'Eldorado' Targets Windows and Linux Systems (source)