There are a few things that I thought you all would be interested in.
1) Snatch ransomware is becoming a favorite of Russian hackers
https://www.zdnet.com/article/snatch-ra ... irus-apps/
The authors of the Snatch ransomware are using a never-before-seen trick to bypass antivirus software and encrypt victims' files without being detected.
The trick relies on rebooting an infected computer into Safe Mode, and running the ransomware's file encryption process from there.
The reason for this step is that most antivirus software does not start in Windows Safe Mode, a Windows state meant for debugging and recovering a corrupt operating system.
However, the Snatch crew discovered that they could use a Windows registry key to schedule a Windows service to start in Safe Mode. This service would run their ransomware in Safe Mode without the risk of being detected by antivirus software, and having its encryption process stopped.
2) Russian hacking against Ukraine
https://www.cyberscoop.com/gamaredon-ap ... -foritnet/
A suspected Russian hacking campaign that’s resulted in attacks against Ukrainian military and government agencies also has affected journalists, law enforcement and nongovernmental organizations, according to new findings.
Gamaredon, a hacking group that has been active since 2013 and mostly haunted Ukrainian government targets, has broadened its reach within that country, the threat intelligence company Anomali said in research published Dec. 5.
