Kasseika Ransomware Employs BYOVD Tactic to Impair Defenses

Summary:

The ransomware operation ‘Kasseika’ has recently been identified using the Bring Your Own Vulnerable Driver (BYOVD) tactic. This involves exploiting vulnerabilities in a loaded driver to disable antivirus software before initiating the file encryption process. Through this strategy, the malware gains privileges to terminate 991 processes, including those related to antivirus products, security tools, analysis tools, and system utilities.

Threat Level – Red | Attack Report

For a detailed threat advisory, download the pdf file here

To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn.