According to KrebsOnSecurity, the victim shaming website run by the Snatch ransomware gang is exposing information about its actual online location, internal operations, and the Internet addresses of its users. The exposed information indicates that Snatch is one of several ransomware organizations that employs paid advertisements on Google.com to deceive users into installing malware posing as widely used free programs like Microsoft Teams, Adobe Reader, Mozilla Thunderbird, and Discord.
The Snatch ransomware group, first discovered in 2018, has revealed data stolen from hundreds of businesses that declined to pay a demanded ransom. The content from the open Internet domain where Snatch publishes its stolen data is also replicated on the darknet website run by the Snatch team.