I came across this in my reading today and thought it was worth sharing. Very interesting what this strain of ransomware is doing to gain access to files and deliver its payload.
Sophos has a great breakdown here https://news.sophos.com/en-us/2019/12/09/snatch-ransomware-reboots-pcs-into-safe-mode-to-bypass-protection/ about how it works.
And their GitHub has all of the IoC information https://github.com/sophoslabs/IoCs/blob/master/Ransomware-Snatch