From zdnet.com
The authors of the Snatch ransomware are using a never-before-seen trick to bypass antivirus software and encrypt victims’ files without being detected.
The trick relies on rebooting an infected computer into Safe Mode, and running the ransomware’s file encryption process from there.