Summary: The Snatch ransomware group's victim shaming site is leaking data about its visitors, including their IP addresses. The group is using paid ads on Google to distribute malware disguised as popular free software. The Snatch darknet site generates significant traffic, with many visitors coming from Russia. The site also exposes its server status page, revealing information about user access. Several internet addresses in Russia are frequently accessing the site. The domains associated with the Snatch ransomware gang are registered to Mihail Kolesnikov, who is also linked to phishing domains and malicious Google ads. The exposed "server status" page was discovered by a security researcher.

Hashtags: #SnatchRansomware #DataLeaks #MalwareDistribution #GoogleAds #IPAddresses #Darknet #ServerStatusPage #RussianInvolvement #PhishingDomains #MaliciousAds #InformationStealingMalware

https://krebsonsecurity.com/2023/09/snatch-ransom-group-exposes-visitor-ip-addresses/