Today, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released joint Cybersecurity Advisory (CSA) #StopRansomware: Snatch Ransomware, which provides indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) associated with the Snatch ransomware variant. FBI investigations identified these IOCs and TTPs as recently as June 1, 2023.
Snatch threat actors operate a ransomware-as-a-service (RaaS) model and change their tactics according to current cybercriminal trends and successes of other ransomware operations.
FBI and CISA encourage organizations review the joint CSA for recommended steps and best practices to reduce the likelihood and impact of Snatch ransomware incidents. For general ransomware guidance, visit StopRansomware.gov, which provides resources, including the updated Joint #StopRansomware Guide.
To report incidents and anomalous activity, contact a local FBI field office or CISA, either through the agency’s Incident Reporting System or the 24/7 Operations Center at report@cisa.gov or (888) 282-0870.