Snatch Ransomware Hits Grauman’s Chinese, PetroVietnam

The Snatch ransomware gang has listed a host of victims from across the globe, from the iconic Grauman’s Chinese Theatre to Vietnamese petroleum giant PetroVietnam. This prolific threat group uses Snatch ransomware to target Windows devices by evading detection by forcing infected hosts to reboot into Safe Mode.  

Researchers at Cyble have confirmed that the threat gang has targeted several other organizations, including Italian National Youth Tourism Center; Columbian hospital CIELD; Square Yards, India; Altrux Medical, USA; ET Global; and Einatec in its latest attack.  

The Cyber Express has verified that its websites have not been affected at the time of publishing this article.  

Snatch, PVN, and Grauman’s Chinese Theatre  

PetroVietnam (PVN) is the marketing name of Vietnam Oil and Gas Group, a state-owned corporation established in 1975. PetroVietnam is engaged in the energy sector, including oil and gas and renewable energy.  

The attack comes days after the company declared its record revenues and profit. Its reported crude oil output in the first 11 months of 2022 reached 9.91 million tonnes, exceeding the yearly target by 13%,  reported VietnamPlus.  

The iconic Grauman’s Chinese Theatre, currently branded TCL Chinese Theatre, is a movie theatre on the historic Hollywood Walk of Fame.   

The theatre has concrete blocks in the front area that are imprinted with the signatures, handprints, and footprints of famous movie stars from the 1920s until today.  

How the gang snatches victims 

The Snatch ransomware gang employs the double extortion strategy, meaning the payload contains both ransomware and data stealer components. The group is popular among dark web forums and has been known to target businesses using automated brute-force attacks.

The group has been associated with several high-profile attacks, including the ransomware attack on the Colonial Pipeline in May 2021. At the time of writing, It is unclear who is behind the Snatch ransomware gang or where they are based, but they are believed to operate out of Eastern Europe.

In addition, the Snatch ransomware operators employ affiliate partners to get first access to business networks. 

Source link