Ransomware Attack on Neovia S.A.S. by Snatch Ransomware Group

Overview

Neovia S.A.S., a French company specializing in the maintenance of road and airport infrastructure, fell victim to a cyberattack orchestrated by the notorious cybercrime group Snatch. The company's website was compromised in the attack, leading to the exfiltration of approximately 510 GB of data. Neovia S.A.S. operates with a team of between 20 to 49 employees and is headquartered in Evry, France.

Company Profile

Neovia S.A.S. provides technical solutions to enhance road and airport infrastructure maintenance. The company stands out in the industry for its expertise in improving infrastructure quality and efficiency.

Attack Details

The Snatch ransomware group, known for its sophisticated tactics, targeted Neovia S.A.S. with ransomware, resulting in the exfiltration of a significant amount of data. The leaked data, which has been fully published, poses serious risks to the privacy and security of the company and its stakeholders.

Ransomware Group Overview

The Snatch ransomware group distinguishes itself by operating a darknet website where they publish stolen data and advocate for free access to the information rather than selling it. The group has been active since 2018 and has targeted various organizations across different sectors.

Penetration Method

Snatch ransomware group utilizes deceptive tactics, such as using paid ads on Google.com to distribute malware disguised as popular free software. They also employ tools like Metasploit and Cobalt Strike for lateral movement and data exfiltration. The group spends considerable time within a victim's system to exploit the network and evade detection by disabling antivirus software and using deceptive executable names.

Sources:

• Neovia S.A.S. Official Website
• Krebs on Security
• SOCRadar
• CISA