SnapMC Rapidly Steals Data, Demands Payment Without Ransomware

Managed Services News

Oct 15

SnapMC can breach systems and issue threats within the time it takes to install a software update.

SnapMC, a new cyber threat group, has emerged that skips ransomware and goes from breach to ransom in 30 minutes.

In less time than it takes to grab lunch, SnapMC can breach an organization’s systems, steal their sensitive data, and demand payment to keep it from being published, according to a new report from NCC Group’s threat intelligence team. No ransomware is required.

NCC Group hasn’t yet been able to link SnapMC to any known threat actors. The name SnapMC is derived from the actor’s rapid attacks and the exfiltration tool it uses, mc.exe.

The extortion emails from SnapMC give victims 24 hours to get in contact and 72 hours to negotiate, according to NCC Group. Furthermore, this actor starts increasing the pressure well before the countdown hits zero.

SnapMC includes a list of the stolen data as evidence that it had access to the victim’s infrastructure. If the organization doesn’t respond or negotiate within the given time frame, the actor threatens to publish the data. Or worse, it immediately publishes the stolen data and informs the victim’s customers and various media outlets.

Different Focus and Tactics

Ivanti’s Srinivas Mukkamala

To learn more about SnapMC, we spoke with Srinivas Mukkamala, Ivanti’s senior vice president of security products, and Raghu Nandakumara, field CTO at Illumio.

Channel Futures: How is SnapMC different from typical ransomware attacks?

Srinivas Mukkamala: The primary difference between SnapMC and typical ransomware attacks is the tactics they are adopting and their focus on the vulnerabilities they travel that provide remote access with elevated privileges for them to access data and exfiltrate.

Illumio’s Raghu Nandakumara

Raghu Nandakumara: SnapMC is squarely a theft-only attack, where attackers steal something valuable and require payment to return it. And they differentiate themselves from advanced persistent threats (APTs) because they strike with speed, rather than a low-and-slow approach. Unlike typical ransomware threat groups, SnapMC skips the ransom and goes straight to extortion, meaning that threat actors can breach systems and issue threats during the time it takes for most people to install a software update, or go on a walk.
