SNet Ransomware Locks Most Files

Our team discovered the SNet ransomware during a routine examination of new malware samples. Ransomware, a type of malicious software, functions by encrypting data and then demanding a ransom for its decryption.

Upon running a sample of SNet on our testing system, it encrypted files and appended the ".SNet" extension to their original filenames. For instance, a file initially named "1.jpg" transformed into "1.jpg.SNet," and the same pattern applied to other locked files, such as "2.png" becoming "2.png.SNet." Following this encryption process, a ransom note named "DecryptNote.txt" was generated.

The ransom message conveyed that the files had been encrypted and also revealed that the victim's data, encompassing documents and databases, had been pilfered. Failure to contact the attackers or refusal to pay the ransom would result in the exposure of the exfiltrated content.

To retrieve the compromised files, payment of a ransom would be imperative. To verify the feasibility of decryption, the victim could submit two small encrypted files to the cyber criminals for a test.

SNet Ransom Note Offers Decryption of Two Files

The complete text of the SNet ransom note reads as follows:

Your Decryption ID: -

Your files are encrypted and We have stored your data on our servers,
including documents, databases, and other files,
and if you don't contact us, we'll extract your sensitive data and leak them.
Trust us, we know what data we should gather.

However, if you want your files returned and your data is secure from leaking,
contact us at the following email addresses:

snetinfo@skiff.com
snetinfo@cyberfear.com

(Remember, if we don't hear from you for a while, we will start leaking data)

What is the guarantee that we won't trick you?

You can send us two random small files in any format,
We will decrypt them for free and return it to you as a guarantee.

After you pay, we will send you decryption software and wipe all of your data.
Nobody will pay us in the future if we do not provide you with the decrypters
or if we do not remove your data after receiving payment.

We have no political goals and are not trying to harm your reputation.
This is our business. Money and our reputation are the only things that matter to us.
We attack businesses all throughout the world, and there has never been an unhappy victim after payment.

How Can Ransomware Infect Your Computer?

Ransomware can infiltrate your computer through various methods, often exploiting vulnerabilities or relying on deceptive tactics. Here are common ways ransomware can infect a computer:

Phishing Emails: Cybercriminals often use phishing emails to distribute ransomware. These emails may contain malicious attachments or links that, when opened or clicked, execute the ransomware on the victim's system.

Malicious Websites and Downloads: Visiting compromised or malicious websites can expose your computer to ransomware. Downloading files or software from untrustworthy sources increases the risk of inadvertently installing ransomware.

Exploiting Software Vulnerabilities: Ransomware creators may take advantage of security vulnerabilities in operating systems or software applications. Failure to promptly update your operating system and software increases the risk of falling victim to these exploits.

Drive-By Downloads: Some websites may automatically download malicious files to your computer without your knowledge or consent. These drive-by downloads can be triggered simply by visiting a compromised website.

Malvertising: Cybercriminals may use malicious advertising (malvertising) to spread ransomware. Clicking on infected online ads or banners can lead to the download and execution of ransomware on your computer.

Remote Desktop Protocol (RDP) Attacks: If your Remote Desktop Protocol is not properly secured, attackers can gain unauthorized access to your computer and deploy ransomware. Using strong, unique passwords and enabling two-factor authentication for RDP can help mitigate this risk.

USB Drives and External Devices: Ransomware can spread through removable media such as USB drives. Plugging an infected USB drive into your computer can introduce ransomware to your system.

Social Engineering: Attackers may use social engineering techniques to trick users into executing ransomware. This can involve disguising malicious files as legitimate ones or using social manipulation to convince users to take actions that lead to the installation of ransomware.

Watering Hole Attacks: In a watering hole attack, cybercriminals compromise websites that are frequently visited by their target audience. By infecting these websites, they increase the likelihood of infecting users who visit them.

To protect your computer from ransomware, it's essential to adopt good cybersecurity practices. This includes regularly updating your software, using reputable security software, being cautious with email attachments and links, avoiding suspicious websites, and maintaining secure access controls, among other measures.