‘Snatch’ Ransom Group Exposes Visitor IP Addresses
The Snatch ransomware group, known for stealing data and shaming victims who refuse to pay the ransom, has been found leaking information about its location and operations. The group uses paid ads on Google to trick people into downloading malware disguised as popular free software. The leaked data also reveals the IP addresses of visitors to the group's darknet site, with many coming from Russia. The Snatch group's phishing domains were registered to a Russian name associated with malicious Google ads. It appears that multiple cybercrime groups are using these domains to phish and distribute information-stealing malware. This includes ads that hijack search results on Google.com and lead to malicious domains. The exposed data on the Snatch site was discovered by a security researcher who found it ironic that a group shaming others for not protecting user data would leak their own. Users are advised to be cautious when downloading software and to verify the authenticity of domains before installing anything.