Ransomware Attack on Neovia S.A.S. by Snatch Ransomware Group

Incident Date:

May 15, 2024

World map

Overview

Title

Ransomware Attack on Neovia S.A.S. by Snatch Ransomware Group

Victim

Neovia SAS

Attacker

Snatch

Location

Saint-Nolff, France

, France

First Reported

May 15, 2024

Ransomware Attack on Neovia S.A.S. by Snatch Ransomware Group

Overview

Neovia S.A.S., a French company specializing in the maintenance of road and airport infrastructure, fell victim to a cyberattack orchestrated by the notorious cybercrime group Snatch. The company's website was compromised in the attack, leading to the exfiltration of approximately 510 GB of data. Neovia S.A.S. operates with a team of between 20 to 49 employees and is headquartered in Evry, France.

Company Profile

Neovia S.A.S. provides technical solutions to enhance road and airport infrastructure maintenance. The company stands out in the industry for its expertise in improving infrastructure quality and efficiency.

Attack Details

The Snatch ransomware group, known for its sophisticated tactics, targeted Neovia S.A.S. with ransomware, resulting in the exfiltration of a significant amount of data. The leaked data, which has been fully published, poses serious risks to the privacy and security of the company and its stakeholders.

Ransomware Group Overview

The Snatch ransomware group distinguishes itself by operating a darknet website where they publish stolen data and advocate for free access to the information rather than selling it. The group has been active since 2018 and has targeted various organizations across different sectors.

Penetration Method

Snatch ransomware group utilizes deceptive tactics, such as using paid ads on Google.com to distribute malware disguised as popular free software. They also employ tools like Metasploit and Cobalt Strike for lateral movement and data exfiltration. The group spends considerable time within a victim's system to exploit the network and evade detection by disabling antivirus software and using deceptive executable names.

Sources:

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.