Blog | G5 Cyber Security

Snatch ransomware reboots Windows in Safe Mode to bypass anti-virus protection

A new strain of the Snatch ransomware reboots the PCs it has just infected into Safe Mode. Safe Mode is a method of booting up a Windows system that is used when trying to diagnose a problem and resolve software conflicts. The ransomware installs itself as a Windows service called SuperBackupMan and adds a key to the Windows registry so that the service will start up during a Safe Mode boot. Researchers say they have found evidence of several related attacks around the world against organisations, all of which were later discovered to have one or more computers with RDP exposed to the internet.

Source: https://grahamcluley.com/snatch-ransomware-reboots-windows-in-safe-mode-to-bypass-anti-virus-protection/
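
The persistence described above can be audited from a normally booted system. The following PowerShell is an added example, not code from the article or the researchers: it lists every service registered to start in Safe Mode and flags the service name given above plus any entry whose binary lacks a valid signature. The `SafeBoot` registry path is the standard Windows location and is an assumption here, since the article does not name the key.

```powershell
# Added example: list services allowed to start in Safe Mode and flag suspect ones.
# Assumption: the SafeBoot key below is the standard Windows location; it is not quoted on the page.
$safeBootRoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot'
$watchNames   = @('SuperBackupMan')   # service name reported in the article

# Index installed services once so each registry entry is a cheap lookup.
$services = @{}
Get-CimInstance -ClassName Win32_Service | ForEach-Object { $services[$_.Name] = $_ }

$report = foreach ($mode in 'Minimal', 'Network') {
    $modePath = Join-Path $safeBootRoot $mode
    if (-not (Test-Path $modePath)) { continue }

    foreach ($key in Get-ChildItem -Path $modePath) {
        # Only entries whose default value is "Service" name a service to start.
        if ($key.GetValue('') -ne 'Service') { continue }

        $name = $key.PSChildName
        $svc  = $services[$name]
        $exe  = $null
        $sig  = 'NoBinaryFound'

        # PathName may be quoted and carry arguments; keep the executable only.
        if ($svc -and $svc.PathName -match '^\s*"?(.+?\.exe)') {
            $exe = [Environment]::ExpandEnvironmentVariables($Matches[1])
            if (Test-Path -LiteralPath $exe) {
                $sig = (Get-AuthenticodeSignature -LiteralPath $exe).Status.ToString()
            }
        }

        [pscustomobject]@{
            Mode      = $mode
            Service   = $name
            Binary    = $exe
            Signature = $sig
            Watchlist = $watchNames -contains $name
            Review    = ($watchNames -contains $name) -or ($sig -ne 'Valid')
        }
    }
}

$report | Sort-Object Review -Descending | Format-Table -AutoSize
```

Rows marked `Review` are candidates for manual triage, not verdicts: compare them against a known-good build of the same Windows version before acting.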
