Kasseika Ransomware Employs BYOVD Tactic to Impair Defenses
Summary:
The ransomware operation ‘Kasseika’ has recently been identified using the Bring Your Own Vulnerable Driver (BYOVD) tactic. This involves exploiting vulnerabilities in a loaded driver to disable antivirus software before initiating the file encryption process. Through this strategy, the malware gains privileges to terminate 991 processes, including those related to antivirus products, security tools, analysis tools, and system utilities.
Threat Level – Red | Attack Report