SnapMC group uses scanners and special malware to steal company files

Information security specialists from Fox-IT discovered the SnapMC hack group, which steals company files and is engaged in extortion without encryption.

Attackers break into companies, steal data, and then demand a ransom from victims, threatening to publish the stolen data in the public domain or report a breach and media leak. Interestingly, such attacks take only about 30 minutes for hackers.

The group got its name from fast attacks and the use of the mc.exe tool to steal data. Experts write that usually hackers break into company networks using various vulnerabilities.

For these purposes, SnapMC uses the Acunetix vulnerability scanner and finds bugs in VPNs, web servers, và như thế. Ví dụ, several intrusions were linked to the exploitation of the CVE-2019-18935 bug, a vulnerability in the Telerik ASP.NET UI component.

Having penetrated the victim’s network, hackers quickly move to collecting data and usually do not spend more than 30 minutes on the compromised network. To steal files, attackers use scripts to export data from a SQL database, then the CSV files are compressed using 7zip, and the MinIO client is used to transfer information to the hackers.

SnapMC then sends the hacked company an email listing the stolen files as evidence of the attack, and gives victims 24 hours to respond to the email and another 72 hours to agree on a ransom payment.

Fox-IT analysts emphasize that during the monitoring of the group, they did not notice that the hackers were using ransomware, although they had access to the victim’s internal network. Instead, attackers focus exclusively on data theft and subsequent extortion.

NCC Group’s Threat Intelligence team predicts that data breach extortion attacks will increase over time, as it takes less time, and even less technical in-depth knowledge or skill in comparison to a full-blown ransomware attack. In a ransomware attack, the adversary needs to achieve persistence and become domain administrator before stealing data and deploying ransomware. While in the data breach extortion attacks, most of the activity could even be automated and takes less time while still having a significant impact.researchers report.

Let me remind you that we also reported that Grief ransomware threatens to destroy victims’ data if they turn to negotiators.

Helga Smith

Tôi luôn quan tâm đến khoa học máy tính, đặc biệt là bảo mật dữ liệu và chủ đề, được gọi là ngày nay "khoa học dữ liệu", kể từ khi tôi còn ở tuổi thiếu niên. Trước khi vào nhóm Diệt Virus với vai trò Tổng biên tập, Tôi đã làm việc với tư cách là chuyên gia an ninh mạng tại một số công ty, bao gồm một trong những nhà thầu của Amazon. Một trải nghiệm khác: Tôi đã nhận được đang giảng dạy tại các trường đại học Arden và Reading.

Gửi phản hồi

Website này sử dụng Akismet để hạn chế spam. Tìm hiểu bình luận của bạn được duyệt như thế nào.

Nút quay lại đầu trang