'.snatch File Extension' Ransomware Description
The '.snatch File Extension' Ransomware is a generic encryption Trojan that emerged on December 26th, 2018. Analysis of incident reports suggests that the '.snatch File Extension' Ransomware is distributed via corrupted documents presented as CVs and invoices. Threat actors tend to use spoofed email addresses and abuse the macro functionality in Microsoft Office to deploy threats like the '.snatch File Extension' Ransomware. The threat discussed here appears to use AES and RSA ciphers to encrypt user-generated files. The '.snatch File Extension' Ransomware Trojan behaves identically to the Project57 Ransomware and the LyaS Ransomware. The Trojan encodes photos, text, presentations, audio, video, eBooks and PDFs. As the name suggests, the encoded data carries the '.snatch' suffix, and Windows Explorer displays the encoded items as generic white icons. For example, 'Sabaton-Wolfpack.mp3' is renamed to 'Sabaton-Wolfpack.mp3.snatch'. The ransom message is rather short and is reminiscent of the notes left by the Everbe 2.0 Ransomware. The '.snatch File Extension' Ransomware shows the following message to the infected users:
'All your files are encrypted
Do not try modify files
My email imBoristheBlade@protonmail.com'
The text provided above is contained in 'Readme_Restore_Files.txt', which is opened in the system's default text editor. Computer security experts advise against negotiating with the cybercriminals and paying money for their "decryption services." There is a risk of being tricked and potentially exposing your machine to unauthorized remote access. You may want to clean your PC with the help of a trusted anti-malware tool and restore your data from backups.
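To scope the damage before restoring from backups, a responder can search a file tree for the two indicators described above: files with the appended '.snatch' suffix and the 'Readme_Restore_Files.txt' note. The following Python sketch is an added example, not part of the original description; the function names `triage` and `build_sample_tree` are hypothetical, and the sample tree is constructed for the demonstration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

# Indicators taken from the description above.
SUFFIX = ".snatch"
NOTE_NAME = "readme_restore_files.txt"  # compared case-insensitively
NOTE_MARKER = "all your files are encrypted"


def triage(root):
    """Walk root; return renamed files, ransom notes and per-directory counts."""
    report = {"encrypted": [], "notes": [], "by_dir": Counter()}
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            lower = name.lower()
            if lower.endswith(SUFFIX) and len(name) > len(SUFFIX):
                # The suffix is appended, so stripping it yields the original name.
                report["encrypted"].append((str(path), name[: -len(SUFFIX)]))
                report["by_dir"][dirpath] += 1
            elif lower == NOTE_NAME:
                try:
                    text = path.read_text(errors="replace").lower()
                except OSError:
                    text = ""  # unreadable note: still record its location
                report["notes"].append((str(path), NOTE_MARKER in text))
    return report


def build_sample_tree(base):
    """Constructed sample tree for the demonstration, not real evidence."""
    docs, music = Path(base) / "Documents", Path(base) / "Music"
    docs.mkdir()
    music.mkdir()
    (music / "Sabaton-Wolfpack.mp3.snatch").write_bytes(b"\x00" * 16)
    (docs / "report.docx.snatch").write_bytes(b"\x00" * 16)
    (docs / "untouched.txt").write_text("still readable")
    (docs / "Readme_Restore_Files.txt").write_text("All your files are encrypted\n")
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        result = triage(build_sample_tree(tmp))
        for path, original in result["encrypted"]:
            print(f"renamed: {path} (original name: {original})")
        print("ransom notes:", result["notes"], dict(result["by_dir"]))
```

The per-directory counts show which folders need to be restored, and the recovered original names can be matched against a backup catalog.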