Snatch ransomware group leaked stolen data from Saipress, a smartphone game app maker. The alleged Saipress data leak was posted on Snatch’s leak site page on April 17.
While the alleged data breach incident took place on November 21, 2022, the company is yet to officially confirm the same.
The victim's website, www.saipress.com, hosted on blogger.com, was accessible at the time of writing, although downloading the games was repeatedly interrupted.
The alleged Saipress data leak
Independent cybersecurity analyst Dominic Alvieri confirmed the data leak, which took place last year.
The leak post offered 4 files for download following the alleged Saipress data leak and featured screenshots of data belonging to the Saipress game app maker.
The Saipress game-making application, from Japan, was launched in September 2012.
The ‘Log Files’ section on the website read, “The information collected by log files include internet protocol (IP) addresses, browser type, Internet Service Provider (ISP), date and time stamp, referring/exit pages, and possibly the number of clicks. These are not linked to any information that is personally identifiable.”
The section further read that the information is used for the analysis of trends, keeping track of users’ movements on the website, and keeping demographic information.
The website stated that the same applies to its hosting company. Black Jack Win, 5-Draw Poker Win, Contract Bridge Win, and Speed Win are some of the games launched by Saipress.
Snatch ransomware group
The Snatch ransomware group evades detection by forcing infected hosts to reboot in Safe Mode.
Its payload consists of ransomware and data stealers. They employ brute force attacks on vulnerable applications in organizations.
Snatch is known to reboot in safe mode before encrypting files on targeted devices. It moves laterally across systems and has been found deploying malicious files camouflaged as Windows Management Instrumentation files.
“They RDP’ed into the backup server, turned off Windows Defender, and executed safe.exe. They did this for every machine in the domain and within 15 minutes all machines were ransomed including the DCs,” research by The DFIR Report read.
Safe.exe is written in Go. The executable runs 4 .bat files that start the ransomware.
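As an added example, not code from the article or from The DFIR Report, the sequence described above expressed as detection logic over constructed Windows event records: an RDP logon (Security event 4624, logon type 10), Defender real-time protection being disabled (Defender operational log event 5001) and a restart being initiated (System event 1074) on the same host within a short window, plus a count of how many matched hosts restart within 15 minutes. The event IDs are the standard Windows ones; the hostnames, users, timestamps and the shortened channel name are made up.

```python
from collections import defaultdict
from datetime import datetime, timedelta

SAMPLE_EVENTS = [  # constructed sample records, not real telemetry
    {"ts": "2023-01-01T02:10:05", "host": "BACKUP01", "channel": "Security", "id": 4624, "logon_type": 10, "user": "svc_bkp"},
    {"ts": "2023-01-01T02:12:40", "host": "BACKUP01", "channel": "Defender/Operational", "id": 5001},
    {"ts": "2023-01-01T02:13:02", "host": "BACKUP01", "channel": "System", "id": 1074},
    {"ts": "2023-01-01T02:14:10", "host": "DC01", "channel": "Security", "id": 4624, "logon_type": 10, "user": "svc_bkp"},
    {"ts": "2023-01-01T02:15:30", "host": "DC01", "channel": "Defender/Operational", "id": 5001},
    {"ts": "2023-01-01T02:16:00", "host": "DC01", "channel": "System", "id": 1074},
    {"ts": "2023-01-01T03:00:00", "host": "WS07", "channel": "Security", "id": 4624, "logon_type": 2, "user": "alice"},
    {"ts": "2023-01-01T03:05:00", "host": "WS07", "channel": "System", "id": 1074},  # ordinary restart, no Defender event
    {"ts": "2023-01-01T09:00:00", "host": "FS02", "channel": "Security", "id": 4624, "logon_type": 10, "user": "admin"},
    {"ts": "2023-01-01T17:00:00", "host": "FS02", "channel": "Defender/Operational", "id": 5001},  # hours later: outside the window
]

def find_sequences(events, window_minutes=30):
    """Security 4624 logon type 10 (RDP), then Defender 5001 (real-time
    protection disabled), then System 1074 (restart initiated), on one host
    within the window. Returns one dict per matching RDP logon."""
    by_host = defaultdict(list)
    for e in events:
        by_host[e["host"]].append(e)
    hits = []
    for host, evs in by_host.items():
        evs.sort(key=lambda e: e["ts"])  # ISO timestamps sort lexicographically
        for i, logon in enumerate(evs):
            if not (logon["id"] == 4624 and logon.get("logon_type") == 10):
                continue
            deadline = datetime.fromisoformat(logon["ts"]) + timedelta(minutes=window_minutes)
            defender_off = False
            for e in evs[i + 1:]:
                if datetime.fromisoformat(e["ts"]) > deadline:
                    break  # later events are outside this logon's window
                if e["id"] == 5001 and "Defender" in e["channel"]:
                    defender_off = True
                elif defender_off and e["id"] == 1074 and e["channel"] == "System":
                    hits.append({"host": host, "user": logon["user"],
                                 "rdp_logon": logon["ts"], "restart": e["ts"]})
                    break
    return hits

def hosts_hit_within(hits, minutes=15):
    """Most matched restarts inside any sliding window of the given length;
    a high count shows the domain-wide rollout the DFIR write-up describes."""
    times = sorted(datetime.fromisoformat(h["restart"]) for h in hits)
    return max((sum(1 for t in times[i:] if t <= s + timedelta(minutes=minutes))
                for i, s in enumerate(times)), default=0)
```

On the sample records, BACKUP01 and DC01 match and both restart within 15 minutes of each other, while WS07 (a console logon and an ordinary restart) and FS02 (Defender event hours after the RDP logon) do not.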
Remote Desktop Protocol (RDP) allows desktop computers to be controlled remotely; it is legitimately used by developers to resolve problems users face on their devices. In one ransomware incident, Snatch demanded $40,000 to decrypt the encrypted files.
The victims, however, negotiated the payment down to less than $15,000.