FBI and CISA Release Advisory on Snatch Ransomware - 20230921001
Overview
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released the joint Cybersecurity Advisory (CSA) #StopRansomware: Snatch Ransomware, which provides indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) associated with the Snatch ransomware variant. FBI investigations identified these IOCs and TTPs as recently as June 1, 2023.
What has been observed?
CISA added this vulnerability to their Cybersecurity Alerts & Advisories catalog on September 20, 2023.
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
Recommendation
The WA SOC recommends administrators perform a scan for the IOCs included and apply the mitigations as per CISA instructions.
Immediate action to take includes:
- Secure and closely monitor Remote Desktop Protocol (RDP).
- Maintain offline backups of data.
- Enable and enforce phishing-resistant multifactor authentication (MFA).