Snatch ransomware reboots Windows in Safe Mode to bypass anti-virus protection

Before you expose RDP, think to yourself “Do I feel lucky?”…:

[…] Worryingly, Sophos reports that the Snatch gang are different from other criminals spreading ransomware insomuch as they are not primarily focused on just extorting money – but also stealing data with the intention of later holding it for ransom or leaking it online.

Their recommendation beyond patching and running up-to-date anti-virus software if you want to reduce the chances of being hit?

“Sophos recommends that organizations of any size refrain from exposing the Remote Desktop interface to the unprotected internet. Organizations that wish to permit remote access to machines should put them behind a VPN on their network, so they cannot be reached by anyone who does not have VPN credentials.”

Sounds sensible to me.

Original article here