This virus restarts Windows in safe mode to bypass antivirus programs and infects your device with ransomware.
As we know, ransomware is a type of malware that, once it has infected a computer, encrypts files with a password and changes the files' extensions. After this process is complete, a financial ransom is demanded to decrypt them.
The creators of Snatch have used an unprecedented technique to bypass antivirus protection and encrypt files without being detected. The trick is to restart Windows 10 in Safe Mode and activate the malware's operation afterwards.
The idea is to take advantage of the fact that many antivirus programs do not run in Windows 10 Safe Mode, which leaves the computer unprotected. The Snatch development team discovered that by using a key in the Windows 10 registry, they can schedule a restart in this mode.
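One way a defender could watch for the behaviour described above, as an added example that is not from the original article or from Sophos: it flags a host where a new entry appears under the Windows SafeBoot registry key shortly before or after a Safe Mode restart is requested. That the SafeBoot key and the `bcdedit` `safeboot` option are the relevant signals is an assumption, and the event format, allow-list and sample events are constructed.

```python
import re

# Assumption: the registry location the article refers to is the standard
# Windows SafeBoot key, which lists what is allowed to load in Safe Mode.
SAFEBOOT_KEY = re.compile(
    r"^HKLM\\SYSTEM\\(?:CurrentControlSet|ControlSet\d{3})\\Control\\SafeBoot"
    r"\\(?:Minimal|Network)\\(?P<entry>[^\\]+)", re.IGNORECASE)
# bcdedit's "safeboot" option makes the next restart a Safe Mode boot.
BCD_SAFEBOOT = re.compile(r"\bbcdedit(?:\.exe)?\b.*\bsafeboot\b", re.IGNORECASE)
BASELINE = {"basedisplay", "sermouse", "winmgmt"}  # constructed allow-list

def classify(event):
    """Return 'entry' or 'boot' for a suspicious event, otherwise None."""
    if event["type"] == "registry_set":
        m = SAFEBOOT_KEY.match(event["target"])
        if m and m.group("entry").lower() not in BASELINE:
            return "entry"
    elif event["type"] == "process_create":
        cmd = event["command_line"]
        # "deletevalue" turns Safe Mode boot back off, so it is not a request.
        if BCD_SAFEBOOT.search(cmd) and "deletevalue" not in cmd.lower():
            return "boot"
    return None

def correlate(events, window=300):
    """Hosts with a new SafeBoot entry and a Safe Mode boot request within `window` seconds."""
    seen, alerts = {}, set()
    for ev in sorted(events, key=lambda e: e["time"]):
        kind = classify(ev)
        if kind is None:
            continue
        other = "boot" if kind == "entry" else "entry"
        host = seen.setdefault(ev["host"], {})
        host[kind] = ev["time"]
        if other in host and ev["time"] - host[other] <= window:
            alerts.add(ev["host"])
    return sorted(alerts)

# Constructed sample events (not taken from any real incident).
KEY = r"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal"
SAMPLE = [
    {"time": 100, "host": "ws-01", "type": "registry_set", "target": KEY + r"\ExampleSvc\(Default)"},
    {"time": 130, "host": "ws-01", "type": "process_create", "command_line": "bcdedit.exe /set {current} safeboot minimal"},
    {"time": 200, "host": "ws-02", "type": "registry_set", "target": KEY + r"\WinMgmt\(Default)"},
    {"time": 210, "host": "ws-02", "type": "process_create", "command_line": "bcdedit /deletevalue {current} safeboot"},
    {"time": 50, "host": "ws-03", "type": "registry_set", "target": KEY + r"\ExampleSvc"},
    {"time": 900, "host": "ws-03", "type": "process_create", "command_line": "bcdedit /set {default} safeboot network"},
]
print(correlate(SAMPLE))
```

Requiring both signals on the same host within a short window keeps routine administrator use of Safe Mode from raising an alert on its own.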
All of this was discovered by the Sophos Lab security team, who were called in to investigate a recent ransomware infection. This indicates that it is a highly effective technique, and one that hackers could copy in other ransomware in the future. Therefore, they decided to publish this information so that measures can be taken to avoid it in the future.