The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released a joint Cybersecurity Advisory (CSA) on Sept. 20 warning about new and evolving threats from hackers utilizing Snatch ransomware.
The FBI and CISA have said they have identified Snatch ransomware variants that have been used to target “critical infrastructure sectors including the Defense Industrial Base (DIB), Food and Agriculture, and Information Technology sectors.”
“Since mid-2021, Snatch threat actors have consistently evolved their tactics to take advantage of current trends in the cybercriminal space and leveraged successes of other ransomware variants’ operations,” the agencies said.
FBI and CISA said some of the actions that Snatch threat actors have leveraged to execute their illegal activities include “ransomware operations involving data exfiltration and double extortion.”
“After data exfiltration often involving direct communications with victims demanding ransom, Snatch threat actors may threaten victims with double extortion, where the victims’ data will be posted on Snatch’s extortion blog if the ransom goes unpaid,” stated agencies.
Furthermore, the CSA makes it known that Snatch threat actors used “weaknesses in Remote Desktop Protocol (RDP) for brute-forcing and gaining administrator credentials to victims’ networks.”
The advisory comes after the FBI early this year conducted an investigation to “disseminate known ransomware indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) associated with the Snatch ransomware.”
The CSA provides network defenders with three vital recommendations to mitigate cyber criminals, including securing and closely monitoring RDP, maintaining offline data backups at all times, and enabling and enforcing phishing-resistant multifactor authentication (MFA).
