Danger level 8
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Shows commercial adverts
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

Snatch Ransomware

Snatch Ransomware is a new file-encrypting threat that does not seem to belong to any of the existing ransomware families. Currently, it has three versions that behave in an almost identical manner. The malware encrypts data that could be valuable to the user and then displays a ransom note saying the victim has to email the malicious application's developers, as they are the only ones who can decrypt the files. Even though this is probably true, we would still recommend against it. There is no way to know whether the hackers will attempt to scam you, and if they do, you could lose not just your data but also your money. The note may not say anything about having to pay, but such threats are known to be designed for money extortion. If you decide you do not want to bargain with the hackers, we advise you to remove Snatch Ransomware with a trustworthy antimalware tool or with the instructions available below.

Even though Snatch Ransomware appears to be new, we doubt it will be distributed any differently from other ransomware applications. Usually, such malware travels with email attachments, installers, and various other files coming from unreliable sources. Our researchers especially recommend staying away from data sent with spam or available on torrent and similar file-sharing web pages, as files coming from such sources are more likely to be malicious. Of course, whenever you feel even the slightest suspicion, you should not take any chances and should scan the suspected data with a reliable antimalware tool first. If it appears to be potentially dangerous or harmful, you should follow the tool's recommendations, which ought to warn you not to open the suspicious data but to erase it or put it in quarantine.

Our researchers report there are three Snatch Ransomware versions, and they can be told apart by the extension used on encrypted data. One of the versions marks files with the .snatch extension (e.g., picture.jpg.snatch), the second one appends the .FileSlack extension (e.g., image.png.FileSlack), and the last one is known to place the .jupstb extension (e.g., text.docx.jupstb). The sample we found used the third mentioned extension, which it added to every encrypted file. Afterward, the malicious application dropped ransom notes called Readme_Restore_Files.txt in all directories with enciphered files. The message in the note should be rather short, as the text we saw only advised not to try decrypting files without the hackers’ help and to contact them through the given email address. We are almost one hundred percent sure the cybercriminals would ask for a ransom in exchange for their services. The question is whether they would honor the agreement and send the needed decryption tools after the victim pays.

Unfortunately, no one can know for sure, but since there have been incidents in the past when users lost their money in vain, we advise not to put up with any demands if you do not want to risk your money. If you decide to erase Snatch Ransomware, you have a couple of options. The first one is to remove the malicious program manually, or in other words, delete all of its files one by one. The steps located below should help you with this task, as they list the data the malware ought to create and the locations where it should be placed.

It is only natural that less experienced users could find the process a bit too difficult. If this is the case, we advise leaving the threat’s deletion to a reliable antimalware tool. First install the tool and then do a full system scan with it. Afterward, the application should show a list of detections that you should be able to eliminate all at the same time by pressing the displayed removal button. Users who wish to know something else about Snatch Ransomware could also leave us a comment below. Lastly, we ought to mention that you might be unable to decrypt your files, but they can be replaced with backup copies (files on cloud storage, removable media devices, and so on).
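To scope what has to be replaced from backup, the three appended extensions and the ransom-note name described above can be inventoried with a short script. This is an added example, not part of the original article; the function names, the case-insensitive matching, and the sample directory tree are assumptions constructed for illustration.

```python
import os
import tempfile
from collections import Counter

# Indicators taken from the article: appended extensions and the ransom-note name.
# Matching is case-insensitive (an assumption, since Windows file names are).
ENCRYPTED_EXTS = (".snatch", ".fileslack", ".jupstb")
NOTE_NAME = "readme_restore_files.txt"

def inventory(root):
    """Walk root and return (encrypted, notes, per_variant).

    encrypted:   list of (encrypted_path, original_name) to look up in backups
    notes:       list of ransom-note paths
    per_variant: Counter of appended extensions seen
    """
    encrypted, notes, per_variant = [], [], Counter()
    # Unreadable directories are skipped rather than aborting the scan.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            lower = name.lower()
            path = os.path.join(dirpath, name)
            if lower == NOTE_NAME:
                notes.append(path)
                continue
            for ext in ENCRYPTED_EXTS:
                # Require a non-empty original name before the appended extension.
                if lower.endswith(ext) and len(name) > len(ext):
                    encrypted.append((path, name[: -len(ext)]))
                    per_variant[ext] += 1
                    break
    return sorted(encrypted), sorted(notes), per_variant

def build_sample_tree():
    """Constructed sample tree (empty files) mirroring the article's examples."""
    root = tempfile.mkdtemp(prefix="snatch_demo_")
    os.makedirs(os.path.join(root, "Documents"))
    for rel in ("picture.jpg.snatch", "Documents/image.png.FileSlack",
                "Documents/text.docx.jupstb", "Documents/untouched.txt",
                "Documents/Readme_Restore_Files.txt"):
        open(os.path.join(root, *rel.split("/")), "w").close()
    return root

if __name__ == "__main__":
    enc, notes, variants = inventory(build_sample_tree())
    for path, original in enc:
        print(f"restore {original!r} from backup (encrypted copy: {path})")
    print("ransom notes:", notes)
    print("variants seen:", dict(variants))
```

The script only reads directory listings; it does not delete or modify anything, so it can be run before the cleanup steps to record which originals to look for in backups.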

Erase Snatch Ransomware

  1. Tap Ctrl+Alt+Delete.
  2. Launch Task Manager.
  3. Look for the malware’s process.
  4. Select the process and press End Task.
  5. Leave the Task Manager.
  6. Press Win+E.
  7. Find these locations:
  8. Look for the threat’s installer, right-click it and press Delete.
  9. Navigate to these few paths:
    %APPDATA%\Microsoft\Windows\Start Menu\Startup
    %ALLUSERSPROFILE%\Start Menu\Programs\Startup
    %USERPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup
    %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup
    %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\Startup
  10. Find the malware’s ransom notes (Readme_Restore_Files.txt), right-click them and choose Delete.
  11. Exit File Explorer.
  12. Empty the Recycle Bin.
  13. Restart the system.