SnapMC Rapidly Steals Data, Demands Payment Without Ransomware
SnapMC can breach systems and issue threats within the time it takes to install a software update.
October 15, 2021
A new cyber threat group, SnapMC, has emerged that skips ransomware and goes from breach to ransom in 30 minutes.
In less time than it takes to grab lunch, SnapMC can breach an organization’s systems, steal their sensitive data, and demand payment to keep it from being published, according to a new report from NCC Group’s threat intelligence team. No ransomware is required.
NCC Group hasn’t yet been able to link SnapMC to any known threat actors. The name SnapMC is derived from the actor’s rapid attacks and the exfiltration tool it uses, mc.exe.
The extortion emails from SnapMC give victims 24 hours to get in contact and 72 hours to negotiate, according to NCC Group. Furthermore, this actor starts increasing the pressure well before the countdown hits zero.
SnapMC includes a list of the stolen data as evidence that it has had access to the victim’s infrastructure. If the organization doesn’t respond or negotiate within the given time frame, the actor threatens to publish the data. Or worse, it immediately publishes the stolen data and informs the victim’s customers and various media outlets.
Different Focus and Tactics
Ivanti’s Srinivas Mukkamala
Channel Futures: How is SnapMC different from typical ransomware attacks?
Srinivas Mukkamala: The primary difference between SnapMC and typical ransomware attacks is the tactics they are adopting and their focus on the vulnerabilities they travel that provide remote access with elevated privileges for them to access data and exfiltrate.
Illumio’s Raghu Nandakumara
Raghu Nandakumara: SnapMC is squarely a theft-only attack, where attackers steal something valuable and require payment to return it. And they differentiate themselves from advanced persistent threats (APTs) because they strike with speed, rather than a low-and-slow approach. Unlike typical ransomware threat groups, SnapMC skips the ransom and goes straight to extortion, meaning that threat actors can breach systems and issue threats during the time it takes for most people to install a software update, or go on a walk.