FBI, CISA issue joint warning on ‘Snatch’ ransomware-as-a-service
Cybersecurity advisories from the FBI and the US Cybersecurity and Infrastructure Security Agency (CISA) are usually a good indication that a particular threat merits priority attention from organizations in the crosshairs.
That would appear to be the case with “Snatch,” a ransomware-as-a-service (RaaS) operation that has been active since at least 2018 and is the subject of an alert this week from the two agencies.
Targeting Critical Infrastructure Sectors
The alert warned of the threat actor targeting a wide range of critical infrastructure sectors — including the IT sector, the US defense industrial base, and the food and agriculture vertical — with the most recent attacks happening in June.
“Since mid-2021, Snatch threat actors have consistently evolved their tactics to take advantage of current trends in the cybercriminal space and leveraged successes of other ransomware variants’ operations,” the advisory noted. “Snatch threat actors have been observed purchasing previously stolen data from other ransomware variants in an attempt to further exploit victims into paying a ransom to avoid having their data released on Snatch’s extortion blog.”
The advisory did not offer any explanation for the timing this week, especially considering that the threat actor has been around for nearly five years. But Michael Mumcuoglu, CEO and co-founder of CardinalOps, thinks it might be connected to the Snatch operation’s ramped-up efforts over the past year.
“There has been increased activity by the Snatch ransomware group over the last 12 to 18 months,” Mumcuoglu says. “They have claimed responsibility for several recent high-profile attacks, including ones involving South Africa’s Department of Defense, the California city of Modesto, Canada’s Saskatchewan airport, London-based organization Briars Group and others,” he notes.
To read the complete article, visit Dark Reading.