Detecting the common Go functions and variables names used by Snatch ransomware

Snatch Ransomware

Ransomware family generally distributed through RDP bruteforce attacks.

Deletes shadow copies

Ransomware often targets backup files to inhibit system recovery.

Modifies extensions of user files

Ransomware generally changes the extension on encrypted files.

UPX packed file

Detects executables packed with UPX/modified UPX open source packer.