SnapMC Rapidly Steals Data, Demands Payment Without Ransomware

SnapMC can breach systems and issue threats within the time it takes to install a software update.

Edward Gately, Senior News Editor

October 15, 2021


SnapMC, a new cyber threat group, has emerged that skips ransomware and goes from breach to ransom in 30 minutes.

In less time than it takes to grab lunch, SnapMC can breach an organization’s systems, steal its sensitive data, and demand payment to keep that data from being published, according to a new report from NCC Group’s threat intelligence team. No ransomware is required.

NCC Group hasn’t yet been able to link SnapMC to any known threat actors. The name SnapMC is derived from the actor’s rapid attacks and the exfiltration tool it uses, mc.exe.

The extortion emails from SnapMC give victims 24 hours to get in contact and 72 hours to negotiate, according to NCC Group. Furthermore, this actor starts increasing the pressure well before the countdown hits zero.

SnapMC includes a list of the stolen data as evidence that it has had access to the victim’s infrastructure. If the organization doesn’t respond or negotiate within the given time frame, the actor threatens to publish the data. Or worse, it immediately publishes the stolen data and informs the victim’s customers and various media outlets.

Different Focus and Tactics


Ivanti’s Srinivas Mukkamala

To learn more about SnapMC, we spoke with Srinivas Mukkamala, Ivanti’s senior vice president of security products, and Raghu Nandakumara, field CTO at Illumio.

Channel Futures: How is SnapMC different from typical ransomware attacks?

Srinivas Mukkamala: The primary difference between SnapMC and typical ransomware attacks is the tactics they are adopting and their focus on the vulnerabilities they travel that provide remote access with elevated privileges for them to access and exfiltrate data.


Illumio’s Raghu Nandakumara

Raghu Nandakumara: SnapMC is squarely a theft-only attack, where attackers steal something valuable and require payment to return it. And they differentiate themselves from advanced persistent threats (APTs) because they strike with speed, rather than a low-and-slow approach. Unlike typical ransomware threat groups, SnapMC skips the ransom and goes straight to extortion, meaning that threat actors can breach systems and issue threats during the time it takes for most people to install a software update, or go on a walk.


About the Author

Edward Gately

Senior News Editor, Channel Futures

As senior news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.
