Feds raise alarm over Snatch ransomware as extortion crew brags of Veterans Affairs hit
2023-09-20 22:32

The Snatch ransomware crew has listed on its dark-web site the Florida Department of Veterans' Affairs as one of its latest victims - as the Feds warn organizations to be on the lookout for indicators of compromise linked to the extortionist gang.

"After data exfiltration often involving direct communications with victims demanding ransom, Snatch threat actors may threaten victims with double extortion, where the victims' data will be posted on Snatch's extortion blog if the ransom goes unpaid," according to a joint advisory issued by the FBI and the US Cybersecurity and Infrastructure Security Agency on Wednesday.

Snatch threat actors gain persistence on a victim's network by compromising an administrator account and establishing connections over port 443 to a command and control server located on a Russian bulletproof hosting service.

According to IP traffic in event logs provided by recent victims, Snatch threat actors initiated RDP connections from a Russian bulletproof hosting service and through other virtual private network services.

The FBI has observed Snatch affiliates spending as much as three months on victims' networks before deploying ransomware.

The Feds also suggest ways to minimize risk based on Snatch's activity and, perhaps unsurprisingly, monitoring your organization's use of remote access tools tops the list.
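As an added illustration of that monitoring advice (not code from the advisory or the article), the sketch below reviews exported Windows logon events for RDP sessions (event 4624, logon type 10) that originate outside approved management networks, and rates hits on administrator accounts higher. The CSV layout, network ranges, account names and log lines are all constructed assumptions.

```python
import csv
import io
import ipaddress

# Assumptions (not from the advisory): approved management networks and admin account names.
APPROVED_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/24", "192.0.2.0/28")]
ADMIN_ACCOUNTS = {"administrator", "svc-backup-adm"}

# Constructed sample: Windows Security events exported as CSV (documentation IP ranges).
SAMPLE_EVENTS = """\
TimeCreated,EventID,LogonType,TargetUserName,IpAddress
2023-09-18T02:11:07Z,4624,10,Administrator,203.0.113.45
2023-09-18T08:30:12Z,4624,10,jsmith,10.20.0.17
2023-09-18T09:02:44Z,4624,3,jsmith,198.51.100.9
2023-09-19T23:55:01Z,4624,10,helpdesk1,198.51.100.77
2023-09-20T01:14:30Z,4624,10,svc-backup-adm,-
"""

def is_approved(ip_text):
    """True if the source address parses and falls inside an approved network."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # "-" or malformed: treat as unapproved so it gets reviewed
    return any(ip in net for net in APPROVED_NETS)

def find_suspect_rdp_logons(csv_text):
    """Return successful RDP logons (4624, LogonType 10) from unapproved sources."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["EventID"] != "4624" or row["LogonType"] != "10":
            continue  # not a RemoteInteractive (RDP) logon
        if is_approved(row["IpAddress"]):
            continue
        admin = row["TargetUserName"].lower() in ADMIN_ACCOUNTS
        findings.append({
            "time": row["TimeCreated"],
            "user": row["TargetUserName"],
            "source": row["IpAddress"],
            "severity": "high" if admin else "medium",
        })
    return findings

if __name__ == "__main__":
    for finding in find_suspect_rdp_logons(SAMPLE_EVENTS):
        print(finding)
```

Records with a missing source address are reported rather than dropped, so they still reach an analyst.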


News URL

https://go.theregister.com/feed/www.theregister.com/2023/09/20/feds_issue_snatch_ransomware_alert/