Snatch Ransomware Removal Guide

Do you know what Snatch Ransomware is?

Snatch Ransomware is an infection that has several different versions. According to the researchers in our internal lab, this is a new family of malware that was created to invade Windows operating systems and encrypt the personal files found on them. Although the different variants of this malware are more similar than different, certain differences do exist. For one, they all add unique extensions to the files they encrypt. The first threat to emerge from the family added “.snatch” as the extension, and that is why all other threats that came afterward are generally known by the same name. A few other variants we have tested include FileSlack Ransomware (“.FileSlack”) and Jupstb Ransomware (“.jupstb”). Without a doubt, all of these threats must be deleted, but, unfortunately, victims usually stall the process because they do not know what to do. If you need help removing Snatch Ransomware, keep reading.

You might have been tricked into letting in the malicious Snatch Ransomware yourself. This is how most file-encrypting threats spread because they cannot just appear out of nowhere or invade any chosen system. First, a security backdoor must be detected and exploited. In most cases, spam emails with misleading messages and fictitious file attachments are used to spread threats like that. If the threat is executed successfully, it starts encrypting files immediately. The threat does not create any new files besides the TXT file that displays a simple text message. Other than that, Snatch Ransomware operates from where it landed, and so it should not be difficult to eliminate it. Unfortunately, most victims will realize that they need to remove this threat only after all of their personal files are encrypted.

The files with the “.snatch” extension cannot be recovered, and that is the strength of the malicious Snatch Ransomware. Once all personal files are encrypted, the “Readme_Restore_Files.txt” file is created. It was found that this file is added to the Startup folder to ensure that it opens automatically whenever the system is launched. Besides that, copies of it should be created in every folder where encrypted files exist. According to our research, the ransom note inside the TXT file changes depending on the variant of the threat. If your files were encrypted and the “.snatch” extension was appended, you should face a message pushing you to email imBoristheBlade@protonmail.com. The email addresses linked to other variants include johnsonwhate@protonmail.com, johnsonwhate@tutanota.com, gomer@horsefucker.org, and gomersimpson@keemail.me. Communicating with cyber criminals is never a good idea because they can then try to scam you and make you pay money in return for alleged file decryptors. Do not fall for this scam, and quickly figure out how to delete the malware.

Since Snatch Ransomware does not create files besides the text file, removing it manually might be an easy task. Of course, if you want to succeed, you need to find the launcher file, and we cannot help you here. If you downloaded and opened the file yourself, hopefully, you know exactly where to look for it. That being said, manual removal is not the only option you have got, and it might be smarter to install anti-malware software that could automatically delete Snatch Ransomware along with any other threats that might exist. If you need help making decisions and removing the infections, post a comment below.

Remove Snatch Ransomware

  1. Remove all recently downloaded suspicious executables.
  2. Tap Win+E keys on the keyboard to launch Windows Explorer.
  3. Enter the following paths into the quick access bar to access them:
    • %ALLUSERSPROFILE%\Start Menu\Programs\Startup
    • %APPDATA%\Microsoft\Windows\Start Menu\Startup
    • %USERPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup
    • %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup
    • %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\Startup
  4. Delete the ransom note file named Readme_Restore_Files.txt.
  5. Delete the remaining copies of the TXT file found alongside encrypted files.
  6. Empty Recycle Bin and then quickly perform a full system scan using a legitimate malware scanner.
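
Steps 3 to 5 can be checked from a PowerShell prompt before anything is deleted. The script below is an added example, not part of the original guide: it looks for the ransom note in the Startup paths listed above and reports which folders hold files with the extensions named in this article. The function names `Get-StartupNote` and `Get-NoteCopy` are hypothetical, and the scan root is an assumption you should adjust.

```powershell
# Added example: report-only triage for the manual removal steps.
# Note name, extensions and Startup paths are the ones given in this guide.
$NoteName   = 'Readme_Restore_Files.txt'
$Extensions = '.snatch', '.FileSlack', '.jupstb'
$StartupPaths = @(
    '%ALLUSERSPROFILE%\Start Menu\Programs\Startup',
    '%APPDATA%\Microsoft\Windows\Start Menu\Startup',
    '%USERPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup',
    '%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup',
    '%ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\Startup'
)

# Hypothetical helper: return the ransom note from any Startup path that has one.
function Get-StartupNote {
    foreach ($raw in $StartupPaths) {
        $dir  = [Environment]::ExpandEnvironmentVariables($raw)
        $file = Join-Path $dir $NoteName
        if (Test-Path -LiteralPath $file -PathType Leaf) {
            Get-Item -LiteralPath $file -Force
        }
    }
}

# Hypothetical helper: list folders containing files with a known extension
# and say whether a copy of the note sits beside them.
function Get-NoteCopy {
    param([Parameter(Mandatory)][string]$Root)
    Get-ChildItem -LiteralPath $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $Extensions -contains $_.Extension } |   # case-insensitive match
        Group-Object DirectoryName |
        ForEach-Object {
            [pscustomobject]@{
                Folder         = $_.Name
                EncryptedFiles = $_.Count
                NotePresent    = Test-Path -LiteralPath (Join-Path $_.Name $NoteName) -PathType Leaf
            }
        }
}

# Report first; nothing is deleted by these calls.
Get-StartupNote | Select-Object FullName, LastWriteTime
Get-NoteCopy -Root $env:USERPROFILE | Format-Table -AutoSize

# Preview the deletion from step 4; drop -WhatIf only after reviewing the output.
Get-StartupNote | Remove-Item -WhatIf
```

The encrypted files themselves are only counted, never touched, so they stay in place in case backups or a future decryptor make recovery possible.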

In non-techie terms:

Snatch Ransomware is a threat that can destroy your personal files. It slithers in silently, and then it encrypts files using a complex algorithm. After that, the files are stuck, and, in theory, you can recover them only if you have the decryptor. That is what the attackers behind the infection might offer you if you contact them as instructed via the TXT file created after the initial attack. Even if you do as told, your files are unlikely to be recovered, which is why we hope that you have backup copies. If you do, delete Snatch Ransomware without further delay. Of course, you must remove this infection regardless of your situation. If you are interested in eliminating it manually, check out the guide above, but also think about utilizing anti-malware software. After all, you need the protection it can provide you with, and the complete removal of existing threats is just an added bonus.