Ransomware might still be today’s biggest cyber menace, but a new gang of cybercriminals is skipping the ransomware to streamline its path to lucrative payouts. SnapMC aims to breach systems, steal data, and issue extortion threats in less time than it takes you to finish your lunch break.
A new report from forensic consultants at Fox-IT details the operations of this recently discovered threat group, which has yet to be linked to any previous groups. The last two letters of the name SnapMC come from the tool the hackers use to exfiltrate data from their victims: mc.exe. The “snap” comes from the speed with which the attacks unfold.
Fox-IT says they’re on a pizza delivery-like schedule, aiming for success in 30 minutes or less. Once data has been stolen, SnapMC gives victims just 24 to 72 hours to decide whether to pay up or watch their sensitive data posted online for all to see.
SnapMC takes two main approaches to breaching networks: scanning for vulnerabilities in web servers, and scanning for vulnerabilities in VPN servers and appliances. In particular, the group appears to be exploiting the so-called Blue Mockingbird vulnerability, which affects older versions of Telerik UI for ASP.NET applications.
The vulnerability was actually addressed by the vendor midway through 2020, but numerous corporate systems remain unpatched and at risk. That leaves plenty of potential victims for SnapMC to target.