A fresh ransomware variant known as Snatch has been spotted in campaigns, forcing Windows machines to reboot into Safe Mode before beginning the encryption process. It s one of multiple components of a malware constellation being used in carefully orchestrated attacks that also feature rampant data collection. The attackers are using automated brute-force attacks to infiltrate company networks before spreading laterally. Snatch’s operators appear to have been active since the summer of 2018, according to the analysis however, the Safe Mode aspect is a newly added feature.
Source: https://threatpost.com/snatch-team-infiltrates-steals-data-ransomware/150974/