What You Need To Know:
3 days ago, the ransomware gang SNATCH hit the computers of South Africa’s Department of Defence. Following the ‘double extortion’ method, the group deploys a payload made up of ransomware and data-stealing components, and the malware then mounts brute-force attacks against the poorly protected applications of the target organisation. As ‘stealthy malware’, SNATCH exploits the fact that many Windows computers do not run their endpoint protection software in safe mode: it forces the targeted computer to reboot into that mode and so bypasses the machine’s own malware defences.
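The safe-mode trick described above leaves a trace that defenders can look for: on Windows, a boot entry is switched to safe mode by writing a safeboot value into the boot configuration, typically via bcdedit, followed by a forced restart. The detection below is an added example written for this article, not code from the original page or from any vendor; the log lines are constructed sample records in a simple key=value form, and the bcdedit/shutdown command patterns are assumptions about how such tampering appears in process-creation telemetry.

```python
import re
from datetime import datetime

# Constructed process-creation records in key=value form, loosely modelled on
# Sysmon Event ID 1 / Security 4688 extracts. Sample data, not real telemetry.
# Records are assumed to be in chronological order.
SAMPLE_LOG = """\
2023-09-03T10:11:42Z host=WS-17 user=alice cmdline="notepad.exe report.txt"
2023-09-03T10:12:05Z host=WS-17 user=alice cmdline="bcdedit /set {current} safeboot minimal"
2023-09-03T10:12:06Z host=WS-17 user=alice cmdline="shutdown /r /f /t 0"
2023-09-03T11:40:10Z host=WS-22 user=bob cmdline="bcdedit /enum {current}"
2023-09-03T11:41:00Z host=WS-22 user=bob cmdline="bcdedit /deletevalue {current} safeboot"
"""

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
# bcdedit writing a safeboot value (minimal or network) into a boot entry
SAFEBOOT_SET_RE = re.compile(r'\bbcdedit(?:\.exe)?\b.*\s/set\b.*\bsafeboot\b', re.IGNORECASE)
# a restart request, which is what turns the boot-entry change into a safe-mode boot
REBOOT_RE = re.compile(r'\bshutdown(?:\.exe)?\b.*\s/r\b', re.IGNORECASE)


def parse_record(line):
    """Split one log line into a dict: parsed timestamp plus key=value fields."""
    ts_text, _, rest = line.partition(" ")
    rec = {"ts": datetime.fromisoformat(ts_text.replace("Z", "+00:00"))}
    for key, value in FIELD_RE.findall(rest):
        rec[key] = value.strip('"')
    return rec


def find_safe_mode_tampering(log_text, window_s=600):
    """Return one alert per safeboot write; severity becomes 'high' when a restart
    follows on the same host within window_s seconds (the reboot-into-safe-mode chain)."""
    records = [parse_record(l) for l in log_text.splitlines() if l.strip()]
    alerts = []
    for i, rec in enumerate(records):
        if not SAFEBOOT_SET_RE.search(rec.get("cmdline", "")):
            continue
        alert = {"host": rec["host"], "user": rec["user"], "ts": rec["ts"].isoformat(),
                 "cmdline": rec["cmdline"], "severity": "medium"}
        for later in records[i + 1:]:
            if later["host"] != rec["host"]:
                continue
            if (later["ts"] - rec["ts"]).total_seconds() > window_s:
                break  # records are chronological, so nothing later is in the window
            if REBOOT_RE.search(later.get("cmdline", "")):
                alert["severity"] = "high"
                alert["reboot_cmdline"] = later["cmdline"]
                break
        alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for alert in find_safe_mode_tampering(SAMPLE_LOG):
        print(alert)
```

Only the safeboot write is flagged; the `/enum` query and the `/deletevalue` cleanup on the second host are left alone, though the latter is worth correlating with an earlier write if one exists.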
In a post on Telegram, the group calls South Africa’s President Cyril Ramaphosa “the main arms baron of the black continent” and continues: “[South Africa] is in fact a satellite of the USA. Laundering through the company DARPA billions of dollars for large corporations in the arms trade.” DARPA, the Defense Advanced Research Projects Agency, is a US government research and development agency focused on producing new and emerging technologies for the United States military.
Furthermore, the group leaked the private contact details of Ramaphosa and of military colonels, as well as the details of almost every top government minister, finishing the post with the hashtag #costofmistake.
Military contacts, internal call-signs and more are feared to be among the 1.6TB of leaked data. The South African Government undertook an unsuccessful 12-hour distributed denial-of-service (DDoS) attack on SNATCH’s website, and the classified data remains available for the public to access.
A Veteran Ransomware Gang:
In February, SNATCH attacked the Californian city of Modesto for more than 3 days, targeting police car laptops and accessing the names, addresses, Social Security numbers, medical information included in work status reports, driver’s license numbers, and state-issued identification numbers of the city’s officers.
Additionally, in 2022 the group hit Canada’s Saskatchewan airport and held the facility to ransom. It is not clear whether the airport paid up; SNATCH continued to leak the files it accessed during the attack.