Category Archives: Encryption

Internet of crap (encryption): IoT gear is generating easy-to-crack keys – The Register

A preponderance of weak keys is leaving IoT devices at risk of being hacked, and the problem won't be an easy one to solve.

This was the conclusion reached by the team at security house Keyfactor, which analyzed a collection of 75 million RSA certificates gathered from the open internet and found that prime factors were being reused across keys at a far greater rate than they should be. Two RSA moduli that share a prime can both be factored with a single GCD computation, so an attacker who finds such a pair recovers both private keys and can break the encrypted connections they protect without guessing anything.

Running the comparison on a single Azure cloud instance, the team found that 1 in 172 of the internet-gathered keys (about 435,000 in total) shared a prime factor with another key. By comparison, among 100 million certificates collected from Certificate Transparency logs, which predominantly cover keys generated on desktop-class hardware, they found shared factors in just five certificates, a rate of 1 in 20 million.

The team attributes the poor entropy to IoT devices. Because embedded gear is often built on very low-power hardware with no good source of randomness, its random number generators produce predictable output, and two devices that draw the same "random" prime end up with keys that share a factor.

The result is keys that could be easier for an attacker to break, leaving the device and all of its users vulnerable.

"The widespread susceptibility of these IoT devices poses a potential risk to the public due to their presence in sensitive settings," Keyfactor researchers Jonathan Kilgallin and Ross Vasko noted.

"We conclude that device manufacturers must ensure their devices have access to sufficient entropy and adhere to best practices in cryptography to protect consumers."

The recommendation is that IoT hardware vendors step up their security efforts to improve the entropy of these devices and make sure that their hardware is able to properly set up secure connections.

If vendors don't step up and address the issue, there is a good chance that criminal hackers will. The team says its experiments showed that this sort of attack could be pulled off without much in the way of an up-front investment.

"With modest resources, we were able to obtain hundreds of millions of RSA keys used to protect real-world traffic on the internet," said Kilgallin and Vasko.

"Using a single cloud-hosted virtual machine and a well-studied algorithm, over 1 in 200 certificates using these keys can be compromised in a matter of days."
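The "well-studied algorithm" the researchers allude to is the shared-prime (batch GCD) attack. The following Python is an added illustration, not code from the Register article or from Keyfactor: it builds a handful of toy RSA moduli from small constructed primes, three of which deliberately reuse a prime the way a badly seeded generator would, and recovers the factors of every affected key using a product tree and remainder tree rather than slow pairwise GCDs. The primes, the moduli and the key numbering are all invented for the example; the algorithm is the standard one.

```python
"""Shared-prime (batch GCD) attack on a set of RSA moduli.

Added example; not code from the Register article or from Keyfactor.
Two RSA moduli that share a prime p can both be factored from gcd(n1, n2) = p.
For millions of keys, pairwise gcd is too slow, so the standard trick is a
product tree plus remainder tree, which yields gcd(n_i, product of all other
n_j) for every i in quasi-linear time.
"""
from math import gcd

# Constructed toy primes (just above 10**6) so the numbers stay readable.
# Real RSA primes are ~1024 bits; the algorithm is unchanged.
P = [1000003, 1000033, 1000037, 1000039, 1000081, 1000099, 1000117, 1000121]

# Constructed moduli: keys 0 and 1 are sound; keys 2, 3 and 4 reuse primes
# the way a device with a poor entropy source would.
MODULI = [
    P[0] * P[1],   # unique primes
    P[2] * P[3],   # unique primes
    P[4] * P[5],   # shares P[4] with key 3
    P[4] * P[6],   # shares P[4] with key 2 and P[6] with key 4
    P[7] * P[6],   # shares P[6] with key 3
]


def product_tree(values):
    """Return the levels of a product tree, leaves first, root last."""
    tree = [list(values)]
    while len(tree[-1]) > 1:
        level = tree[-1]
        tree.append([
            level[i] * level[i + 1] if i + 1 < len(level) else level[i]
            for i in range(0, len(level), 2)
        ])
    return tree


def batch_gcd(moduli):
    """For each n_i return gcd(n_i, product of all other moduli).

    Walks the product tree back down as a remainder tree: each node holds
    (product of everything) mod node**2, and at a leaf n,
    (P mod n**2) // n == (P / n) mod n, so its gcd with n is the answer.
    """
    tree = product_tree(moduli)
    rems = tree.pop()            # root level: [product of all moduli]
    while tree:
        level = tree.pop()
        rems = [rems[i // 2] % (x * x) for i, x in enumerate(level)]
    return [gcd(r // n, n) for r, n in zip(rems, moduli)]


def factor_weak_keys(moduli):
    """Map index -> (p, q) for every modulus that shares a prime with another.

    If both of a key's primes are shared (or the key is an exact duplicate),
    batch_gcd returns n itself; fall back to pairwise gcd to split it.
    """
    found = {}
    for i, (n, g) in enumerate(zip(moduli, batch_gcd(moduli))):
        if g == 1:
            continue                       # independent of all other keys
        if g == n:
            g = next((gcd(n, m) for j, m in enumerate(moduli)
                      if j != i and 1 < gcd(n, m) < n), n)
        if g == n:
            found[i] = None                # exact duplicate: shared, not split
        else:
            found[i] = tuple(sorted((g, n // g)))
    return found


if __name__ == "__main__":
    weak = factor_weak_keys(MODULI)
    for idx, factors in weak.items():
        print(f"key {idx}: n={MODULI[idx]} factors={factors}")
    print(f"{len(weak)} of {len(MODULI)} keys broken "
          f"(Keyfactor reported roughly 1 in 172 on internet-facing certs)")
```

The point of the remainder tree is that a single pass over the whole collection finds every key that shares a prime with any other, which is exactly why collecting hundreds of millions of public keys and running this on one virtual machine is a realistic attack. A key that shares both of its primes, or a verbatim duplicate, shows up as gcd equal to the modulus itself, which the fallback above handles.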


Originally posted here:
Internet of crap (encryption): IoT gear is generating easy-to-crack keys - The Register

What Is Snatch Ransomware and How to Remove It – Guiding Tech

It seems like crimeware developers never sleep as defenses rise. They're always on the lookout for different ways of honing their weapons of attack. One of the most recent techniques is a ransomware strain that can force a Windows device to reboot into Safe Mode right before encryption begins, intending to get around endpoint protection.

This particular strain is known as Snatch owing to its authors, who refer to themselves as the Snatch Team. It was discovered by Sophos Labs researchers, who outlined their discovery together with insights into how such gangs break into enterprises and other entities on their hit list.

We're going to explain what Snatch ransomware is, how it works, and how you can remove it from your devices.

Snatch is a recent ransomware variant whose executable forces Windows devices to reboot into Safe Mode before the encryption process begins, in a bid to bypass endpoint protection that often does not run in that mode.

Discovered by SophosLabs researchers and the Sophos Managed Threat Response team, Snatch is one component of a malware constellation used in an ongoing series of carefully orchestrated attacks that also involve extensive data collection.

The strain encrypts victims' files with AES so that users of infected machines cannot access them.

Snatch was first noticeably active in April 2019, although it was released at the end of 2018. The spike in encrypted files and ransom notes led to its discovery and follow-up by the Sophos researchers.

The ransomware goes after high-profile targets, and this strain, written in Go, is part of a toolkit that also includes a data stealer, a Cobalt Strike reverse shell and other tools commonly used by penetration testers and system administrators.

Note: The variant Sophos discovered is only able to run on Windows in 32-bit and 64-bit editions from version 7 through 10.

Snatch does not appear to share code with other ransomware families. Its developers have nonetheless released nine variants, each appending a different extension to files after encrypting them with AES.

The trick is to reboot the machine into Safe Mode and only then restrict access to your data by encrypting your files. After that, the attackers try to extort money, demanding a ransom in Bitcoin in exchange for unlocking the files and restoring access.

There's a reason the trick works. Much security software does not start in Safe Mode, and the developers discovered that by modifying a Windows registry key they could have their own service start there while your endpoint protection does not. The ransomware therefore runs undetected.

On first execution it installs itself as a Windows service named SuperBackupMan, configured to run in Safe Mode, and does so immediately before forcing the reboot so that there is no time to stop it.

Once the service is in place, the malware uses its administrative access to run BCDEDIT, the Windows boot-configuration command-line tool, to set the Safe Mode boot flag and reboot the machine immediately.

It then drops a randomly named executable into %AppData% or %LocalAppData%, launches it, and begins scanning the computer's drive letters for files to encrypt.

It targets specific file extensions, including .doc, .docx, .pdf, .xls and many others, encrypting each file and changing its extension to Snatch so it can no longer be opened.

The ransomware leaves a Readme_Restore_Files.txt note demanding between one and five Bitcoin in exchange for a decryption key, along with instructions for contacting the attackers to get your files back.

Once the scan is complete, it runs vssadmin.exe, the Windows shadow-copy administration tool, to delete all Volume Shadow Copies so they cannot be used to restore the encrypted files. The final step is to encrypt the data files on the hard drive.
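The staging sequence just described (register a service that runs in Safe Mode, flip the boot flag with BCDEDIT, reboot, delete shadow copies with vssadmin) is also a detection opportunity, because every step is a separate process launch with a recognisable command line. The following Python is an added example that is not part of the Guiding Tech article or of Sophos's research. It runs a few command-line rules over constructed process-creation log lines (the log format, host names, user names and timestamps are invented for the example) and flags any host on which a Safe Mode service registration and a safeboot flag appear together. The registry path HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal is the standard Windows list of services allowed to run in Safe Mode; the article only says a registry key is modified, so treating that path as the Snatch indicator is this example's assumption.

```python
"""Detecting Snatch-style Safe Mode staging from process-creation telemetry.

Added example; not code from the Guiding Tech article or from Sophos.  It runs
command-line rules over constructed, Sysmon-like process-creation lines and
correlates hits per host.  The log format, hosts, users and timestamps are
invented; SafeBoot\\Minimal is the standard Windows registry location for
services permitted to start in Safe Mode (an assumption as a Snatch indicator).
"""
import re
from collections import defaultdict

# Constructed sample telemetry (not real data): one workstation is staged for
# a Safe Mode reboot, then deletes shadow copies after coming back up; a
# second host generates benign bcdedit noise that must not alert.
SAMPLE_LOG = """\
2019-12-12T09:13:40Z host=WS-42 user=CORP\\jdoe image=C:\\Windows\\System32\\notepad.exe cmdline="notepad.exe C:\\Users\\jdoe\\notes.txt"
2019-12-12T09:14:02Z host=WS-42 user=NT AUTHORITY\\SYSTEM image=C:\\Windows\\System32\\reg.exe cmdline="reg add HKLM\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\Minimal\\SuperBackupMan /ve /t REG_SZ /d Service /f"
2019-12-12T09:14:03Z host=WS-42 user=NT AUTHORITY\\SYSTEM image=C:\\Windows\\System32\\bcdedit.exe cmdline="bcdedit /set {current} safeboot minimal"
2019-12-12T09:14:05Z host=WS-42 user=NT AUTHORITY\\SYSTEM image=C:\\Windows\\System32\\shutdown.exe cmdline="shutdown /r /f /t 00"
2019-12-12T09:20:31Z host=WS-42 user=NT AUTHORITY\\SYSTEM image=C:\\Windows\\System32\\vssadmin.exe cmdline="vssadmin delete shadows /all /quiet"
2019-12-12T10:02:11Z host=WS-07 user=CORP\\admin image=C:\\Windows\\System32\\bcdedit.exe cmdline="bcdedit /enum"
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>.+?) '
    r'image=(?P<image>\S+) cmdline="(?P<cmdline>.*)"$'
)

# (rule id, pattern applied to the command line, severity, description)
RULES = [
    ("safeboot_service", re.compile(r"\\SafeBoot\\(Minimal|Network)\\", re.I),
     "high", "service registered to run in Safe Mode"),
    ("safeboot_set", re.compile(r"\bbcdedit(?:\.exe)?\b.*\bsafeboot\b", re.I),
     "high", "bcdedit sets the Safe Mode boot flag"),
    ("shadow_delete", re.compile(r"\bvssadmin(?:\.exe)?\b.*\bdelete\b.*\bshadows\b", re.I),
     "high", "Volume Shadow Copies deleted"),
    ("forced_reboot", re.compile(r"\bshutdown(?:\.exe)?\b.*\s/r\b", re.I),
     "low", "forced reboot"),
]


def parse_line(line):
    """Parse one telemetry line into a dict, or None if it is not an event."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def match_rules(event):
    """Return the ids of every rule whose pattern hits this event's command line."""
    return [rid for rid, pat, _, _ in RULES if pat.search(event["cmdline"])]


def analyze(text):
    """Return (alerts, staged_hosts).

    alerts: one dict per rule hit, in log order.
    staged_hosts: hosts that both registered a Safe Mode service and set the
    safeboot flag, i.e. the Snatch pattern, whatever order the events arrived.
    """
    alerts = []
    per_host = defaultdict(set)
    for raw in text.splitlines():
        ev = parse_line(raw)
        if not ev:
            continue
        for rid in match_rules(ev):
            sev, desc = next((s, d) for r, _, s, d in RULES if r == rid)
            alerts.append({"ts": ev["ts"], "host": ev["host"], "user": ev["user"],
                           "rule": rid, "severity": sev, "desc": desc})
            per_host[ev["host"]].add(rid)
    staged = {h for h, rids in per_host.items()
              if {"safeboot_service", "safeboot_set"} <= rids}
    return alerts, staged


if __name__ == "__main__":
    alerts, staged = analyze(SAMPLE_LOG)
    for a in alerts:
        print(f"{a['ts']} {a['host']} [{a['severity']}] {a['rule']}: {a['desc']}")
    for h in sorted(staged):
        print(f"{h}: Safe Mode ransomware staging detected (Snatch-style)")
```

In practice the same rules would run over Sysmon event ID 1 or equivalent EDR process telemetry. The bcdedit safeboot rule is worth alerting on by itself, since legitimate administration rarely sets that flag on a domain workstation, and the shadow-copy deletion fires after the reboot, by which time the encryption is already under way, which is why the pre-reboot staging is the signal to catch.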

Currently, encrypted files cannot be decrypted without the attackers' key. You still have a lifeline if your computer is infected: restore your files from the most recent backup.

Snatch ransomware originally targeted regular users via spam emails, but today its main targets are corporations. By paying such criminals you not only lose money with no guarantee that they will send the decryption key, but you also encourage them to continue their cyber criminality.

If you don't have an up-to-date backup, there is not much else you can do other than wait until security researchers come up with a Snatch decryptor. That could take a long time, but there are other ways to protect yourself from such attacks.

One of the best ways to remove Snatch ransomware and other malware is to install reputable antivirus software such as Malwarebytes or SpyHunter that can scan for, detect and eliminate the threat. Not every antivirus engine catches it, because it is a new family, so it is worth scanning with more than one product.

You can protect yourself and your devices against ransomware by taking simple steps such as downloading software only from trusted sources and not opening email attachments from untrusted senders.

Other ways you can protect yourself and your organization from Snatch and other types of ransomware include:

Snatch ransomware may sound almost life-threatening in how it works to paralyze your files and devices. Before you think of paying that ransom, try the steps above to remove the threat and always take preventive measures to ensure this and such threats don't show up on your computer or network.

Next up: If you suspect your phone is infected with ransomware, check our next article to find out how to detect that and remove it.

Last updated on 18 Dec, 2019

Read this article:
What Is Snatch Ransomware and How to Remove It - Guiding Tech

Hardware-based Full Disk Encryption Market Executive Summary, Introduction, Sizing, Analysis and Forecast To 2025 – Market Research Sheets

The Hardware-based Full Disk Encryption Market research added by UpMarketResearch.com offers a comprehensive analysis of growth trends prevailing in the global business domain. This report also provides definitive data concerning market size, commercialization aspects and revenue forecasts for the industry. In addition, the study explicitly highlights the competitive status of key players within the projection timeline while focusing on their portfolio and regional expansion endeavours.

This report on the Hardware-based Full Disk Encryption Market delivers an in-depth analysis that also comprises an elaborate assessment of this business. Segments of the Hardware-based Full Disk Encryption market are also clearly delineated in this study, together with a basic overview of the market's current status and size with respect to profit and volume.

Request Exclusive Free Sample PDF Of This Report At https://www.upmarketresearch.com/home/requested_sample/10552

The study covers the major insights related to the regional spectrum of this vertical as well as the companies that have gained a commendable status in the Hardware-based Full Disk Encryption market.

Major players included in this report are as follows: Seagate Technology PLC, Western Digital Corp, Samsung Electronics, Toshiba, Kingston, Micron Technology Inc, Intel

The Hardware-based Full Disk Encryption Market can be segmented by product type into: Hard Disk Drive (HDD) FDE, Solid State Drive (SSD) FDE

The Hardware-based Full Disk Encryption Market can be segmented by application into: IT & Telecom, BFSI, Government & Public Utilities, Manufacturing Enterprise, Others

Hardware-based Full Disk Encryption Market: regional analysis includes Asia-Pacific (Vietnam, China, Malaysia, Japan, Philippines, Korea, Thailand, India, Indonesia, and Australia); Europe (Turkey, Germany, Russia, UK, Italy, France, etc.); North America (United States, Mexico, and Canada); South America (Brazil etc.); The Middle East and Africa (GCC Countries and Egypt)

To Buy This Report Full or Customized, Visit https://www.upmarketresearch.com/buy/hardware-based-full-disk-encryption-market

Hardware-based Full Disk Encryption market scope: a basic summary of the competitive landscape; a detailed breakdown of the regional expanse; a short overview of the segmentation

A generic overview of the competitive landscape: The Hardware-based Full Disk Encryption market report comprises a thorough analysis of the competitive terrain of this vertical. The study offers details pertaining to each industry participant's specific market share, the area served, manufacturing sites and more. Information pertaining to the producers' product portfolios, product features, and their respective product applications is covered in the report. The report profiles the companies together with facts regarding their gross margins and price models.

For Best Discount on purchasing this report, Visit https://www.upmarketresearch.com/home/request_for_discount/10552

An all-inclusive framework of the geographical terrain The research report extensively segments the geographical spectrum of this industry. As per the report, the Hardware-based Full Disk Encryption market has established its presence across the regions of United States, China, Europe, Japan, Southeast Asia & India. The report includes insights regarding the industry share acquired by each region. In addition, data concerning growth opportunities for the Hardware-based Full Disk Encryption market across every detailed region is included within the report. The anticipated growth rate to be recorded by each region over the estimated years has been correctly specified within the research report.

A brief summary of the segmentation: The Hardware-based Full Disk Encryption market report exemplifies the bifurcations of this vertical with extreme precision. Data with reference to industry share amassed by each product segment, together with their market value within the industry, have been highlighted in the report. Data pertaining to production growth has also been included in the report. With reference to the application spectrum, the study comprises details concerning market share amassed by each application segment. Moreover, the study emphasizes details associated with the product consumption of each application, along with the growth rate to be accounted for by each application segment over the estimation period.

Some of the major highlights of the TOC:

Hardware-based Full Disk Encryption Regional Market Analysis: Hardware-based Full Disk Encryption Production by Regions; Global Hardware-based Full Disk Encryption Production by Regions; Global Hardware-based Full Disk Encryption Revenue by Regions; Hardware-based Full Disk Encryption Consumption by Regions

Hardware-based Full Disk Encryption Segment Market Analysis (by Type): Global Hardware-based Full Disk Encryption Production by Type; Global Hardware-based Full Disk Encryption Revenue by Type; Hardware-based Full Disk Encryption Price by Type

Hardware-based Full Disk Encryption Segment Market Analysis (by Application): Global Hardware-based Full Disk Encryption Consumption by Application; Global Hardware-based Full Disk Encryption Consumption Market Share by Application (2014-2019)

Hardware-based Full Disk Encryption Major Manufacturers Analysis: Hardware-based Full Disk Encryption Production Sites and Area Served; Product Introduction, Application and Specification; Hardware-based Full Disk Encryption Production, Revenue, Ex-factory Price and Gross Margin (2014-2019); Main Business and Markets Served

For More Information on this report, Request Inquiry At https://www.upmarketresearch.com/home/enquiry_before_buying/10552

About UpMarketResearch: Up Market Research (https://www.upmarketresearch.com) is a leading distributor of market research reports with more than 800 global clients. As a market research company, we take pride in equipping our clients with insights and data that hold the power to truly make a difference to their business. Our mission is singular and well-defined: we want to help our clients envisage their business environment so that they are able to make informed, strategic and therefore successful decisions for themselves.

Contact Info: UpMarketResearch; Name: Alex Mathews; Email: [emailprotected]; Website: https://www.upmarketresearch.com; Address: 500 East E Street, Ontario, CA 91764, United States.

This post was originally published on Market Research Sheets

Read more from the original source:
Hardware-based Full Disk Encryption Market Executive Summary, Introduction, Sizing, Analysis and Forecast To 2025 - Market Research Sheets

NYPD Eyeing Encrypted Radios to Protect Criminal Investigations – Officer

NEW YORK -- The NYPD wants to encrypt its radios to prevent criminals from following its every move, not to hide from the media, police officials insisted Thursday.

Deputy Commissioner John Miller noted the department already has several channels that allow law enforcement agencies, like the FBI and Secret Service, to communicate without worrying about crooks listening in.

"When you have sophisticated criminal organizations that are listening to your communications about them, that would only make sense," Miller, head of the NYPD's Counterterrorism and Intelligence Bureau, said Thursday.

Using a kidnapping investigation as an example, he added: "How do you conduct one of those over the radio when the whole world is listening for entertainment value?"

The NYPDs plan to silence radio transmissions was first reported Wednesday by amNewYork.

A police source said the NYPD may start a pilot program next year to test a department-wide encryption program.

The 2017 mass shooting in Las Vegas, in which a gunman killed 58 people and wounded more than 400 victims after listening to police and hotel security radio dispatches, was a wake-up call for the NYPD, the source said.

"We can't have criminals with better technology and tools available than police," NYPD Police Commissioner Dermot Shea said.

Miller said the entire department is at least three years away from being fully encrypted, and noted that other police departments have made similar moves with "arrangements with the news media that made sense."

Las Vegas police now use encrypted radios but allow the press to buy their own radios. In Knoxville, Tenn., police radio traffic is posted after a one-hour delay.

Reactions in different cities have varied, however, with police being accused of limiting journalists access and cutting the public off to information.

2019 New York Daily News

Visit New York Daily News at www.nydailynews.com

Distributed by Tribune Content Agency, LLC.

See the rest here:
NYPD Eyeing Encrypted Radios to Protect Criminal Investigations - Officer

What We Learned About the Technology That Times Journalists Use – The New York Times

Several years ago, some colleagues and I were chatting about what was missing from tech journalism. Plenty of news media outlets had written breathlessly about hot new gadgets and apps. But what were people really doing with that tech?

That question spawned Tech We're Using, a weekly feature that documented how New York Times journalists used tech to cover a wide variety of topics, including politics, sports, wars, natural disasters, food and art.

With the decade coming to a close, we decided to also wrap up the column after interviews with more than 130 Times reporters, editors and photographers. Here were our biggest takeaways.

Unsurprisingly, the smartphone was the most vital work tool among journalists. Many reporters relied on smartphones for recording interviews and turned to A.I.-powered apps like Trint and Rev to automatically transcribe interviews into notes.

Most Times reporters now also rely on some form of encrypted communication, particularly messaging apps like Signal and WhatsApp or the emailing service ProtonMail, to keep their sources and conversations confidential.

That is a remarkable shift. Encrypted communication tools became popular only a few years ago, after the former government security contractor Edward Snowden revealed the extent of the United States government's surveillance of its own citizens.

Another indispensable tool underlined a type of tech that has not improved much: batteries. Many reporters, especially national correspondents who live out of a suitcase, desperately needed phones with longer-lasting batteries, so battery packs were a staple in their arsenal of tools.

Many photographers were also early adopters of new tech. One key example: drones. Those were constantly getting smaller, and their cameras were improving, which created possibilities for new types of photography, like overhead shots of houses damaged in a fire.

In contrast, many tech reporters tried to minimize the amount of tech they used. That could be, in part, a symptom of knowing too much about the companies they covered and the wide swaths of data those companies collected.

Many editors and reporters also talked about how tech had transformed the industries they cover.

In the world of dining, digital photography and platforms like Instagram have become the main method that restaurants use to communicate with patrons. Rocket launches are now live-streamed online, which let our space reporter watch from his phone instead of heading to the space station. And in the entertainment world, video streaming has opened doors to a wealth of new content so much that reporting on movies and TV shows has become an art of curation.

What's ahead? If tech has invaded everything, the answer is: even more transformation.

See the original post:
What We Learned About the Technology That Times Journalists Use - The New York Times

Volunteer firefighters, EMTs worry they won’t have NYPD radio access to help public – amNY

As the city continues to stay mum on the plan to encrypt tens of thousands of police radios in New York City, yet another group is expressing concern that it will also be shut out of the NYPD feed: volunteer firefighters and ambulance companies.

Dozens of volunteer ambulance groups currently respond to help New Yorkers around the city, and they monitor police radios to provide assistance.

Those radios will likely go silent should the NYPD proceed with its plan to encrypt all police radios in 2020, as reported Wednesday in amNewYork.

The NYPD, while not explicitly denying the amNewYork report, said in a statement Tuesday that the department is undergoing a systems upgrade that is underway for the next 3-5 years.

"Part of that upgrade includes ensuring radios can support either encrypted or non-encrypted use," said Sergeant Jessica McCrory, a spokesperson for the NYPD Deputy Commissioner of Public Information. "The Department constantly evaluates technology capabilities and safety measures, and once upgrades are complete, will determine encryption best practices based on safety needs of the city and law enforcement best practices."

Some companies also have access to the FDNY radio feed. The Fire Department's radios are capable of encryption, but officials there say they have no plans to use it. Even so, NYPD and FDNY commanders would still need radios capable of communicating with each other.

All news organizations would potentially be locked out if the encryption plan goes forward. Many get their early tips of breaking news from listening to police radio scanners or following services which have such access.

Many advocacy groups have weighed in after amNewYork's report, including the Committee to Protect Journalists, which issued the following statement: "CPJ is looking into this, and we have also shared it with the US Press Freedom Tracker."

When Police Officers Rafael Ramos and Wenjian Liu were shot to death in 2015, the Bedford-Stuyvesant Volunteer Ambulance Corps was able to quickly respond to the scene because they heard emergency calls on the police radio.

"That's how we responded so rapidly to them," said Antoine Robinson, commanding officer and CEO of the Bed Stuy Volunteer Ambulance. "That's how we get our jobs, but you know the police have to do what is best for the public and police department. No matter what they do, we still have to answer our call and obtain the information we need."

Robinson said he plans to speak to the NYPD to see what can be done to maintain communications.

"We used to sign out radios, but they stopped doing that, so maybe something else can be worked out," Robinson said.

The Central Park Medical Unit, an all-volunteer ambulance unit serving Central Park and the surrounding streets, was able to save the life of a man injured by a home-made bomb in 2016. They were able to get to him quickly because they heard the call on NYPD radio.

Volunteer rescuers have been concerned about losing radio access for some time amid rumors about encryption.

Danny Cavanaugh, president of the Volunteer Firemans Association of New York, said volunteer companies around the city have expressed their concerns previously, but received little response from the NYPD.

"We want to maintain the relationship we have always had, and we look forward to continuing it," Cavanaugh said. "We always come to the aid of the police and hope we can continue to do that."

Travis Kessel, chairperson of District 4 of the New York State Volunteer Ambulance and Rescue Association, said it is essential that volunteer units work closely with the police department and render aid in a timely manner.

Kessel, who works with the Glendale and Ridgewood Volunteer Ambulance Corps, said he has a close relationship with the NYPD, but losing the radio would make it difficult for the corps to respond to police emergencies.

"Since we've existed, we've been part of every large-scale event in the city, every blizzard, heat emergency, to obviously larger events like 9/11. Those open lines of communication to assist the NYPD and FDNY and other agencies, losing that line would be devastating," Kessel said. "Our ability to help in a moment's notice, by monitoring those radio frequencies and through media channels, allows us to bring aid quicker, allows us to have that inside knowledge of knowing what type of resources are needed."

Councilman Donovan Richards, chair of the Public Safety Committee, said he and all other elected officials were taken aback by the radio encryption plans, but he's not shocked to hear of the NYPD doing this in secret.

"Anything that goes backward and kills transparency in this city with the NYPD is not good for the public," Richards said. "We are very interested in hearing from the NYPD. This is not good for democracy."

Despite Mayor Bill de Blasio saying he would speak with Commissioner Dermot Shea about the radio encryption and loss of transparency, his office has yet to reply for comment.

Read this article:
Volunteer firefighters, EMTs worry they won't have NYPD radio access to help public - amNY

The Defense Department Says It Needs the Encryption the FBI Wants to Break – Free

Even the Defense Department is now pointing out that the governments quest to weaken encryption lies somewhere between counterproductive and downright harmful.

Attorney General Bill Barr and Senate Judiciary Committee Chair Lindsey Graham have been on a tear lately in a bid to undermine encryption standards. Those efforts culminated in a hearing this week whose primary purpose appears to have been to demonize encryption by falsely proclaiming it poses a risk to public safety.

Many staffers at both the Department of Justice and FBI have joined the festivities, arguing that encryption enables all manner of nefarious behavior, from human trafficking to child exploitation as they push for the inclusion of law enforcement backdoors in everything from routers to smartphones.

Actual security experts, and tech giants like Facebook and Apple, have long highlighted the foolishness of such efforts. Encryption aids everybody, they note, protecting consumers, activists, and criminals alike. Embed backdoors in encryption and network gear, they have warned, and you undermine an essential security tool, putting everybody at risk.

"We do not know of a way to deploy encryption that provides access only for the good guys without making it easier for the bad guys to break in," Apple's director of user privacy, Erik Neuenschwander, told hearing attendees.

While vast segments of government have embraced the recent war on encryption, some government officials seem to understand the benefits of retaining strong encryption. This week, Representative Ro Khanna forwarded to Lindsey Graham a letter from the Defense Department's Chief Information Officer, Dana Deasy.

In the letter, first reported by Techdirt, Deasy notes that all DOD-issued unclassified mobile devices are required to be password protected using strong passwords, and that any data in transit on DOD-issued mobile devices must be encrypted via VPN.

"The importance of strong encryption and VPNs for our mobile workforce is imperative," Deasy wrote.

"As the use of mobile devices continues to expand, it is imperative that innovative security techniques, such as advanced encryption algorithms, are constantly maintained and improved to protect DoD information and resources," he said. "The Department believes maintaining a domestic climate for state of the art security and encryption is critical to the protection of our national security."

There are endless examples of governments, organizations, and corporations attempting to undermine encryption standards for both surveillance and profit. Comcast, for example, has worked to undermine recent efforts to encrypt Domain Name System (DNS) traffic because doing so would threaten the company's efforts to monetize user behavior online.

Facebook sent a letter this week to Bill Barr, in which the company made it clear that it would not backdoor its encrypted messaging apps at the governments request.

"Cybersecurity experts have repeatedly proven that when you weaken any part of an encrypted system, you weaken it for everyone, everywhere," Facebook wrote.

But while cybersecurity experts and tech giants spent the week warning that weakening encryption harms everyone, a bipartisan coalition of lawmakers remain stubbornly impervious to the argument.

Democratic Senator Dick Durbin largely mirrored Graham's rhetoric at this week's hearing, insisting the latest war on encryption was about ensuring big tech companies weren't beyond the reach of the law. "We're talking about our government protecting our citizens," he insisted, seemingly oblivious that eroding encryption would likely have the exact opposite effect.

The Justice Department has argued for years that by including strong encryption on their networks and in their products, Silicon Valley giants are undermining the governments quest to rein in criminals. But security experts, and now the DOD, have made it abundantly clear that encryption protects everybody, not just the worst segments of society.

So far, politicians like Graham have made it abundantly clear theyre not listening, insisting that if tech companies dont set about backdooring their products and weakening encryption, there will soon be hell to pay.

"My advice to you is to get on with it, because this time next year, if we haven't found a way that you can live with, we will impose our will on you," Graham said.

Go here to see the original:
The Defense Department Says It Needs the Encryption the FBI Wants to Break - Free

The Senate Judiciary Committee Wants Everyone to Know It’s Concerned About Encryption – EFF

This morning the Senate Judiciary Committee held a hearing on encryption and "lawful access." That's the fanciful idea that encryption providers can somehow allow law enforcement access to users' encrypted data while otherwise preventing the bad guys from accessing this very same data.

But the hearing was not inspired by some new engineering breakthrough that might make it possible for Apple or Facebook to build a secure law enforcement backdoor into their encrypted devices and messaging applications. Instead, it followed speeches, open letters, and other public pressure by law enforcement officials in the U.S. and elsewhere to prevent Facebook from encrypting its messaging applications, and more generally to portray encryption as a tool used in serious crimes, including child exploitation. Facebook has signaled it won't bow to that pressure. And more than 100 organizations including EFF have called on these law enforcement officials to reverse course and avoid gutting one of the most powerful privacy and security tools available to users in an increasingly insecure world.

Many of the committee members seemed to arrive at the hearing convinced that they could legislate secure backdoors. Among others, Senators Graham and Feinstein told representatives from Apple and Facebook that they had a responsibility to find a solution to enable government access to encrypted data. Senator Graham commented, "My advice to you is to get on with it, because this time next year, if we haven't found a way that you can live with, we will impose our will on you."

But when it came to questioning witnesses, the senators had trouble establishing the need for or the feasibility of blanket law enforcement access to encrypted data. As all of the witnesses pointed out, even a basic discussion of encryption requires differentiating between encrypting data on a smartphone, also called encryption at rest, and end-to-end encryption of private chats, for example.

As a result, the committee's questioning actually revealed several points that undercut the apocalyptic vision painted by law enforcement officials in recent months. Here are some of our takeaways:

The first witness was Manhattan District Attorney Cyrus Vance, Jr., who has called for Apple and Google to roll back encryption in their mobile operating systems. Yet by his own statistics, the DA's office is able to access the contents of a majority of devices it encounters in its investigations each year. Even for those phones that are locked and encrypted, Vance reported that half could be accessed using in-house forensic tools or services from outside vendors. Although he stressed both the high cost and the uncertainty of these tools, the fact remains that device encryption is far from an insurmountable barrier to law enforcement.

As we saw when the FBI dramatically lowered its own estimate of unhackable phones in 2017, the level of security of these devices is not static. Even as Apple and Google patch vulnerabilities that might allow access, vendors like Cellebrite and Grayshift discover new means of bypassing security features in mobile operating systems. Of course, no investigative technique will be completely effective, which is why law enforcement has always worked every angle it can. The cost of forensic tools may be a concern, but they are clearly part of a variety of tools law enforcement use to successfully pursue investigations in a world with widespread encryption.

Meanwhile, even as Vance focused on the cost of forensic tools to access encrypted phones, he repeatedly ignored why companies like Apple began fully encrypting their devices in the first place. In a colloquy with Senator Mike Lee, Apple's manager of user privacy Erik Neuenschwander explained that the company's introduction of full disk encryption in iOS in 2014 was a response to threats from hackers and criminals who could otherwise access a wealth of sensitive, unencrypted data on users' phones. On this point, Neuenschwander explained that Vance was simply misinformed: Apple has never held a key capable of decrypting encrypted data on users' phones.

Neuenschwander explained that he could think of only two approaches to accomplishing Vance's call for lawful access, both of which would dramatically increase the risks to consumers. Either Apple could simply roll back encryption on its devices, leaving users exposed to increasingly sophisticated threats from bad actors, or it could attempt to engineer a system where it did hold a master key to every iPhone in the world. Regarding the second approach, Neuenschwander said, "as a technologist, I am extremely fearful of the security properties of such a system." His fear is well-founded; years of research by technologists and cryptographers confirm that key escrow and related systems are highly insecure at the scale and complexity of Apple's mobile ecosystem.

Finally, despite the heated rhetoric directed by Attorney General Barr and others at end-to-end encryption in messaging applications, the committee found little consensus. Both Vance and Professor Matt Tait suggested that they did not believe that Congress should mandate backdoors in end-to-end encrypted messaging platforms. Meanwhile, Senators Coons, Cornyn, and others expressed concerns that doing so would simply push bad actors to applications hosted outside of the United States, and also aid authoritarian states who want to spy on Facebook users within their own borders. Facebook's director for messaging privacy Jay Sullivan discussed ways that the company will root out abuse on its platforms while removing its own ability to read users' messages. As we've written before, an encrypted Facebook Messenger is a good thing, but the proof will be in the pudding.

Ultimately, while the Senate Judiciary Committee hearing offered worrying posturing on the necessity of backdoors, we're hopeful that Congress will recognize what a dangerous idea legislation would be in this area.


Congress wants to regulate encryption for big tech – The Burn-In

On Tuesday, Congress warned technology companies that lawmakers will take action to regulate encryption if they don't cooperate more openly with law enforcement. The announcement has reinvigorated an ongoing debate between big tech and the U.S. government.

Government officials argue that encryption will hinder criminal investigations. Tighter security is preventing access to critical information exchanged via devices and messaging apps. Big tech, on the other hand, believes encryption is essential for protecting individuals from bad actors and authoritarian governments.

It appears there is no simple solution as both sides believe they are acting in the best possible manner for the American people. As internet use and global communication increases, it's likely the topic isn't going to die down any time soon.


Regulated encryption has been a hot topic for several years. In 2016, the FBI ordered Apple to unlock the iPhone of one primary suspect in a San Bernardino, California shooting. Apple refused to help, even after receiving an order from a federal judge. Tim Cook was alarmed by the request, citing that doing so would leave millions of devices vulnerable.

The battle between Apple and the FBI kicked off a controversial discussion around data privacy and how much the government should be able to access. In a recent meeting, Apple's Manager of User Privacy, Erik Neuenschwander, explained why weakening encryption across the board is not the answer.

"At this time, we've been unable to identify any way to create a backdoor that would work only for the good guys," said Neuenschwander. "When we have weaknesses in our system, they're exploited by nefarious entities as well."

The encryption topic retook center stage this fall when the Justice Department asked Facebook to delay its plans to encrypt its messaging services. Legislators are concerned that encryption would prevent law enforcement from identifying and prosecuting child predators.

Last year, Facebook reported nearly 17 million cases to the U.S. National Center for Missing and Exploited Children. Congress is concerned Facebook wouldn't be able to provide adequate evidence for cases going forward if the social media giant moves forward with encryption.

Like Apple in 2016, Facebook is holding steady against the government in this area. The company sent a letter to Attorney General William Barr refusing to weaken encryption for WhatsApp. Facebook leadership also believes that regulating encryption would not work over the long term. Criminals will simply switch over to unregulated, international platforms to get what they want.

U.S. Lawmakers seem to be sticking to their guns. Many believe there is no better way to protect Americans than to regulate how tech companies encrypt devices and user data. Also, other countries overseas have already paved the way on regulated encryption.

"There are many serious cases where we can't access the device in the time period where it is most important for us to access it," said Manhattan District Attorney Cy Vance Jr. "Without moving toward legislation, we're not going to solve this problem."

Some lawmakers are hopeful that big tech will respond amicably in 2020. Otherwise, by this time next year, there may be a legal movement and much bigger fight ahead. Stay tuned.


Facebook says it won’t break end-to-end encryption – TechRadar

Ahead of an upcoming senate hearing on encryption, Facebook executives have sent a letter to Attorney General William Barr in which they said that the social media giant would not provide law enforcement with access to its encrypted messaging products.

In the letter, written by WhatsApp head Will Cathcart and Messenger head Stan Chudnovsky, the executives explained that by creating backdoor access into Facebook's products for law enforcement, they would also be giving cybercriminals and other bad actors a way to enter their systems, saying:

"The backdoor access you are demanding for law enforcement would be a gift to criminals, hackers and repressive regimes, creating a way for them to enter our systems and leaving every person on our platforms more vulnerable to real-life harm. People's private messages would be less secure and the real winners would be anyone seeking to take advantage of that weakened security. That is not something we are prepared to do."

Facebook's CEO Mark Zuckerberg announced earlier this year that the company would be bringing end-to-end encryption to both Messenger and WhatsApp to make both of the apps faster, simpler, more private and more secure.

However, in October the Justice Department raised concerns about the company's encryption plans and suggested they would benefit criminals such as sex traffickers and pedophiles. Barr insisted that law enforcement should have access to company's systems in order to investigate these serious crimes, saying: "Companies should not deliberately design their systems to preclude any form of access to content even for preventing or investigating the most serious crimes."

The letter from Facebook executives was sent in response to Barr's inquiry in October and it arrived just before a Senate Judiciary hearing on encryption. During that hearing, Chairman Lindsey Graham said that while he appreciates that cybercriminals can't hack into his smartphone, he still believes encrypted devices and messaging apps create a safe haven for criminals.

Facebook's director of messaging privacy Jay Sullivan then argued that American companies must lead when it comes to secure and encrypted messaging or foreign firms would take up the mantle. If this occurred, it would be even more difficult for US law enforcement officials to gain access to these services to conduct investigations.

The war for encryption continues and expect this issue to be debated heavily as governments try to protect their citizens from criminals and other threats while continuing to take away their privacy online.

Via The Verge
