.snatch Files Virus - How to Remove It


This article explains the issues that occur in case of infection with .snatch files virus and provides a complete guide on how to remove malicious files and how to potentially recover files encrypted by this ransomware.

A data locker ransomware dubbed .snatch files virus has been detected in the wild. If you are a victim of this nasty threat, you won't be able to open files that are marked with the .snatch extension. This is a result of significant modifications applied to their code. In addition, hackers will attempt to blackmail you into paying them a ransom fee for file decryption.

Threat Summary

Name: .snatch Files Virus
Type: Ransomware, Cryptovirus
Short Description: Ransomware infection created for the corruption of common types of files. As a consequence hackers demand a ransom payment.
Symptoms: Important files are encoded with strong cipher algorithm. Their names display the extension .snatch while their information remains inaccessible.
Distribution Method: Spam Emails, Email Attachments, Corrupted Web Pages, Fake Software Installers
Data Recovery Tool: Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

.snatch Files Virus – Distribution

In general, cyber criminals use spam email messages to spread threats like .snatch files virus. This method enables them to trick as many users as possible into running the ransomware payload on their devices. Emails that aim to deliver malware on computer devices often pose as messages from representatives of legitimate websites, services, and even governmental institutions.

They also contain a few traits that could help users detect the presence of malicious code. The most common one is a file attachment of a frequently used type, such as a document, archive, image, PDF or other well-known file format. Once such a file is loaded on a target device, it triggers the malicious code that leads to infection with .snatch ransomware.

Another malicious element that may appear in emails that are part of ransomware spread campaigns is a URL address, whether in the form of an in-text link, button, coupon, banner, image or other clickable form. Loading the page behind this URL address results in the unnoticed execution of the ransomware payload.

.snatch Files Virus – Infection Overview

When the payload of this .snatch ransomware manages to run on a target system, it initiates a long sequence of malicious tasks that plague some major system components. Infected system components enable the ransomware to complete its primary goal which is data encryption.

In the beginning, .snatch cryptovirus is likely to establish additional malicious files and objects on the infected computer. For this purpose, it could be designed to create them directly in a target system directory, download them from a remote server, or both. Eventually, like most of the analyzed ransomware infections, .snatch probably keeps its associated files and objects in some of the following system folders:

  • %Roaming%
  • %Windows%
  • %AppData%
  • %Local%
  • %Temp%

Once the cryptovirus establishes all needed files, it continues with the contamination of predefined system processes, components and settings, most of which are essential for the system's regular and secure performance.

The Windows Registry is likely to be affected by this ransomware. By adding malicious values under some of the registry keys, .snatch becomes able to manipulate their functionalities. This way it could perform various malicious activities without being detected by active security measures and ensure its persistent presence on the system.

In addition, when it adds certain values under the registry sub-key Run or RunOnce, .snatch could automatically load its ransom note on the PC screen. This note is stored in a text file named Readme_Restore_Files.txt and all it reads is:

All your files are encrypted
Do not try modify files
My email [email protected]

This is a short message that does not provide many details on the hackers' demands. Apparently, they expect victims to contact them at the presented email address in order to receive more information on how to restore encrypted files. Beware that such an action could lead to additional security issues that could affect your privacy. Furthermore, even a successful ransom payment does not guarantee the recovery of your encoded files, so be advised to refrain from following the hackers' instructions before you attempt to solve the problem in a secure manner.
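One way to review the Run and RunOnce persistence described above, as an added PowerShell example that is not part of the original article: it lists every autorun value and flags those that reference the user-writable folders listed earlier, open Readme_Restore_Files.txt, or point to a binary without a valid signature. The four key paths and the signature heuristic are assumptions made for this example, not details from the article.

```powershell
# Added triage example, not part of the original article. Read-only: it lists, never deletes.
# Assumption: only the four standard Run/RunOnce keys are checked (no WOW6432Node or policy keys).
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'

# User-writable folders from the article's list. %Windows% is left out on purpose:
# legitimate autoruns live there, so those entries are judged by signature instead.
$dropDirs = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP) | Where-Object { $_ }

$report = foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        $cmd = [Environment]::ExpandEnvironmentVariables([string]$item.GetValue($name))
        # The program is the first token: a quoted path, or everything up to the first space.
        $exe = if ($cmd -match '^\s*"([^"]+)"') { $Matches[1] } else { ($cmd.Trim() -split '\s+')[0] }

        $flags = @()
        $inDrop = $dropDirs | Where-Object {
            $cmd.IndexOf($_, [System.StringComparison]::OrdinalIgnoreCase) -ge 0
        }
        if ($inDrop) { $flags += 'references a user-writable folder' }
        if ($cmd -match 'Readme_Restore_Files\.txt') { $flags += 'opens the ransom note' }

        $sig = 'NotResolved'   # bare names such as "notepad.exe" are not resolved via PATH
        if ($exe -and (Test-Path -LiteralPath $exe -PathType Leaf)) {
            $sig = (Get-AuthenticodeSignature -FilePath $exe).Status
            if ($sig -ne 'Valid') { $flags += 'binary not validly signed' }
        }
        [pscustomobject]@{
            Key = $key; Name = $name; Command = $cmd
            Signature = $sig; Flags = ($flags -join '; ')
        }
    }
}
# Flagged entries first; an empty Flags column means none of these heuristics matched.
$report | Sort-Object { [string]::IsNullOrEmpty($_.Flags) }, Key, Name | Format-List
```

Run it once per affected user account, because the HKCU keys are per-user; a flagged entry is a lead for review, not proof of infection.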

.snatch Files Virus – Encryption Process

When .snatch reaches the data encryption stage, it activates an inbuilt encryption module. This module is set to run a sophisticated cipher algorithm every time the ransomware detects a target type of file. Unfortunately, all of the following files could be encrypted by .snatch files virus as they are commonly used for the storage of important data:

  • Audio files
  • Video files
  • Document files
  • Image files
  • Backup files
  • Banking credentials, etc

Following encryption, all corrupted files appear with the extension .snatch at the end of their original names. Due to transformations applied to their code, they remain inaccessible until an efficient solution reverts them to their original state.
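To scope the damage described above, the following added PowerShell example (not part of the original article) inventories files carrying the .snatch extension and copies of Readme_Restore_Files.txt under a folder and reports when the encryption appears to have started and ended. The function name Get-SnatchScope is hypothetical, and the time window assumes the ransomware did not reset file timestamps.

```powershell
# Added scoping example, not part of the original article. Read-only.
# Assumption: LastWriteTime reflects when each file was encrypted.
function Get-SnatchScope {
    param([Parameter(Mandatory)][string]$Root)

    $files = @(Get-ChildItem -LiteralPath $Root -Recurse -File -Force -ErrorAction SilentlyContinue)
    # Exact extension match: the article says .snatch is appended to the original name.
    $enc   = @($files | Where-Object { $_.Extension -eq '.snatch' } | Sort-Object LastWriteTime)
    $notes = @($files | Where-Object { $_.Name -eq 'Readme_Restore_Files.txt' })

    [pscustomobject]@{
        Root           = $Root
        TotalFiles     = $files.Count
        EncryptedFiles = $enc.Count
        EncryptedBytes = ($enc | Measure-Object -Property Length -Sum).Sum
        # Backups taken before FirstEncrypted predate the encryption run.
        FirstEncrypted = if ($enc.Count) { $enc[0].LastWriteTime }
        LastEncrypted  = if ($enc.Count) { $enc[-1].LastWriteTime }
        # Folders with the most encrypted files, to prioritise what to copy off first.
        TopFolders     = $enc | Group-Object DirectoryName | Sort-Object Count -Descending |
                             Select-Object -Property Count, Name -First 10
        RansomNotes    = $notes.FullName
    }
}

# Example run against the current user's profile (assumed starting point).
$scope = Get-SnatchScope -Root $env:USERPROFILE
$scope | Format-List Root, TotalFiles, EncryptedFiles, EncryptedBytes, FirstEncrypted, LastEncrypted
$scope.TopFolders
$scope.RansomNotes
```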

Remove .snatch Files Virus and Restore Data

The .snatch cryptovirus is a threat with highly complex code that plagues not only your files but your whole system. So you should clean and secure your infected system before you can use it regularly again. Below you can find a step-by-step removal guide that may be helpful in attempting to remove .snatch ransomware. Choose the manual removal approach if you have any previous experience with the detection of malware files. If you don't feel comfortable with the manual steps, select the automatic section from the guide. Steps there will enable you to check the infected system for ransomware files and remove them with a few mouse clicks.

In order to keep your system secure against ransomware and other types of malware in the future, you should consider the installation of a reliable anti-malware program. An additional security layer that could help you prevent the occurrence of ransomware attacks is an anti-ransomware tool.

If you want to understand how to potentially fix encrypted files without paying the ransom read carefully all the details mentioned in step “Restore files”. Beware that before the data recovery process you should back up all encrypted files to an external drive as this will prevent their irreversible loss.

Gergana Ivanova

Gergana has completed a bachelor's degree in Marketing from the University of National and World Economy. She has been with the STF team for three years, researching malware and reporting on the latest infections.
