Ransomware remains the top cybersecurity concern for businesses around the world, with new strains and operators popping up routinely, including one detailed by cybersecurity firm Sophos that leverages Safe Mode on target computers to disable third-party drivers and endpoint protection products.

In a post and a series of tweets, the company introduces the IT community to an “up-and-coming” ransomware family that calls itself Avos Locker. This strain has appeared in a recent series of ransomware incidents in which attackers boot target computers in Safe Mode to disable endpoint protections.

According to the company, that’s not a new technique in deploying ransomware, as the now-defunct Snatch, REvil and BlackMatter ransomware families had done the same in the past. However, these attackers also modify the Safe Mode boot configuration to install and use the commercial IT management tool AnyDesk while computers are running in Safe Mode. AnyDesk is a remote desktop application that the attackers used to remotely access targeted machines if the ransomware deployment was initially unsuccessful.

“Normally, third party software would be disabled on a computer that had been rebooted into Safe Mode, but these attackers clearly intended to continue to remotely access and control the targeted machines unimpeded,” the company says in a detailed writeup of the ransomware.
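For defenders, the Safe Mode boot configuration described above can be audited directly. The following is an added example, not code from Sophos or from the original article; it assumes the standard Windows `SafeBoot` registry layout (which the article does not spell out) and treats any Safe Mode service whose binary lives outside `%SystemRoot%` as worth a manual look.

```powershell
# Added example: list services registered to start in Safe Mode and flag
# those whose binary is outside %SystemRoot%.
# Assumption: a third-party binary in this list deserves review. Legitimate
# tools can register here too, so treat hits as leads, not verdicts.
$safeBootRoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot'
$servicesRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'

function Get-SafeModeService {
    param([string[]]$Mode = @('Minimal', 'Network'))

    foreach ($m in $Mode) {
        $modeKey = Join-Path $safeBootRoot $m
        foreach ($key in Get-ChildItem -Path $modeKey -ErrorAction SilentlyContinue) {
            # The default value of each subkey names the entry type;
            # this audit only looks at entries of type 'Service'.
            if ($key.GetValue('') -ne 'Service') { continue }

            $name = $key.PSChildName
            $svc  = Get-ItemProperty -Path (Join-Path $servicesRoot $name) -ErrorAction SilentlyContinue
            $image = if ($svc -and $svc.ImagePath) {
                # Expand %SystemRoot% etc., drop a leading quote and any \??\ prefix.
                [Environment]::ExpandEnvironmentVariables($svc.ImagePath).TrimStart('"') -replace '^\\\?\?\\', ''
            } else { $null }

            # Entries with no service key or no ImagePath are flagged as well.
            $inWindows = $image -and (
                $image -like "$($env:SystemRoot)\*" -or
                $image -like '\SystemRoot\*' -or
                $image -like 'system32\*')

            [pscustomobject]@{
                Mode      = $m
                Service   = $name
                ImagePath = $image
                Review    = -not $inWindows
            }
        }
    }
}

Get-SafeModeService | Where-Object Review | Format-Table -AutoSize

# A pending forced Safe Mode boot shows up as a "safeboot" element on the
# current boot entry (bcdedit needs an elevated session).
bcdedit /enum '{current}' | Select-String -Pattern '^\s*safeboot\s'
```

Services hosted by `svchost.exe` pass the path check even when their service DLL lives elsewhere, so a clean result here does not replace a review of the full service configuration.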