A virus managed to bypass antivirus on Windows

Recently, it was discovered by computer security researchers a ransomware malware.

It has the distinction of settling down in the form of a Windows service. If the installation is successful, it causes the computer to restart in safe mode. this will have the immediate effect of disabling all protection programs. Eventually, it does what it was created for. Take the data from the terminal he infected hostage. Effectively as ransomware, it will proceed to encrypt the data thus preventing the main user from accessing it. This program has been referred to as "Snatch."

This article will also interest you: Windows and ransonware: Harder to fight ransomware

"Snatch" is a ransomware that has the exceptional ability to evade antivirus. How is that possible? Taking into account what has been observed, it was discovered that this malware took the form of a program in the Windows registry. It will take the form of backup software that takes the name "SuperBackupMan". We'll even see a description text that says, "This service makes backups every day."

So once in position, it will cause the start-up in safe mode as we explained above. The trick in this process, the restart in safe mode allows you to launch only a minimum of application. Which will exclude good on antivirus. However, the famous fictitious backup program "SuperBackupMan" will always be launched, strange thing by the way, but normal in a sense. This will prevent antivirus from detecting the encryption process that will be initiated by the malware once the start-up is complete. This may be good news, but this highly sophisticated process has not yet been observed in other programs of the same type.

Moreover, the cyber criminals who operate with this malware are, it must be admitted, true professionals. In practice, it would appear that their main target is companies. The program will then only be activated a long time of observation and analysis of their victim's systems. hackers take the trouble to observe and identify all the equipment they can easily reach weakened skin more easily the entire computer network of their target.

The example was observed in an international company that has been infected more than 200 machines, which is equivalent to 5% of its computer fleet. Once they were successful, the ransom was demanded to the tune of $35,000. But there have been cases where the ransom was much lower. Apparently several dozen companies have already been victims of this computer virus observed between July and October of this year.

According to some sources, hackers who are the publishers of the virus

"Snatch" are believed to be of Russian origin. This is assumed by the they use this language to exchange views on the forums of the Discussions. to successfully penetrate their victim's system upstream and implement the program, it is it seems that he is using the brute force technique. they've managed a once to break the password of a cloud service administrator It's Microsoft.

Regarding the vulnerability exploited by the Snatch virus, we hope that Microsoft will soon see a fix proposed patch tuesday in January 2020.

Now access an unlimited number of passwords:

Check out our hacking software