South African Department of Defence Hit By SNATCH Ransomware Attack, 1.6 Terabytes of Data Leaked

South African Department of Defence Hit By SNATCH Ransomware Attack, 1.6 Terabytes of Data Leaked

Date:

What You Need To Know: 

3 days ago, the ransomware gang SNATCH hit the computers of South Africa’s Department of Defence. Using the ‘double extortion’ method, the group utilises a payload comprised of ransomware and data-stealing components, after which the malware then employs brute force attacks against the ill-protected applications of the target organisation. Being a ‘stealthy malware’ SNATCH takes advantage of the fact that many Windows computers do not run endpoint protection mechanisms in safe mode and forces the targeted computer to reboot into the mode, thus bypassing the computer’s in-built malware diagnostic systems. 

In a post by the group on Telegram, they call South Africa’s President Cyril Ramaphosa “the main arms baron of the black continent” continuing “[South Africa] is in fact a satellite of the USA. Laundering through the company DARPA billions of dollars for large corporations in the arms trade.” DARPA, or the Defense Advanced Research Projects Agency is a US-owned research and development agency focused on producing new and emerging technologies for the United States Military. 

Furthermore, the group leaked the private contact details of Ramaphosa, Military Colonels, as well as the details of almost every top government minister, finishing off the post with a hashtag the #costofmistake. 

Military contacts, internal call-signs and more are feared to be in the 1.6TB of data leaked, with the South African Government undertaking an unsuccessful 12-hour long denial-of-service (DDOS) attack on SNATCH’s website, the classified data remains available for the public to access. 

A Veteran Ransomware Gang: 

In February, SNATCH attacked the Californian city of Modesto for more than 3 days, targeting police car laptops and accessing the names, addresses, Social Security numbers, medical information included in work status reports, driver’s license numbers, and state-issued identification numbers of the city’s officers. 

Additionally, in 2022, the group hit Canada’s Saskatchewan airport, and held the facility under ransom, although it is not clear if the airport paid up, SNATCH continued to leak the files it accessed during the attack. 

Bianca Bridger
Bianca Bridger
Bianca Bridger is a Political Science Graduate from the University of Otago, New Zealand. Currently working as an Editor for The ModernInsurgent and writing for Atlas News, her interests include conflict politics, history, yoga and meditation.
- Sponsor -spot_img
- Sponsor -spot_img

Week's Top Stories

More In This Category
Related

Seoul and Astana Sign 30 Agreements Together

On June 12th, South Korea and Kazakhstan agreed to...

Vietnam Condemns Chinese Research Vessel’s Presence in Gulf of Tonkin

On June 6th, Vietnam’s Ministry of Foreign Affairs (MOFA)...

UN Security Council Approves US Ceasefire Resolution

The UN Security Council (UNSC) has approved a resolution...

The Turkish-Greek Feud and their Changing Strategy

Geopolitical analysts have taken an interest in the Aegean...