‘Snatch’ Ransom Group Exposes Visitor IP Addresses

The victim shaming site operated by the Snatch ransomware group is leaking data about its true online location and internal operations, as well as the Internet addresses of its visitors, KrebsOnSecurity has found. The leaked data suggest that Snatch is one of several ransomware groups using paid ads on Google.com to trick people into installing malware disguised as popular free software, such as Microsoft Teams, Adobe Reader, Mozilla Thunderbird, and Discord.

8base ransomware addresses ads breadcrumbs data data breaches domaintools.com found google @htmalgae internal internet ip addresses leaked location malwarebytes microsoft teams ne'er-do-well news operations paid people ransom ransomware ransomware group ransomware groups rilide shaming snatch snatch ransomware trustwave spiderlabs victim