
Ransomware gang disables security software


pts20241030018 Research/Development, Technology/Digitalization

Special malware disables protection programs and targets data

Jena (pts018/30.10.2024/11:40)

Cybercriminals have found a new approach. ESET researchers have found that the ransomware group Embargo, first seen in June 2024, uses malicious software that removes and deactivates Endpoint Detection and Response (EDR) solutions. It manages this by abusing Safe Mode and a vulnerable driver. Once the security software is out of the way, the criminals have full access to the victim's data. They then threaten to publish the stolen information and demand a ransom.

Users of ESET’s EDR and MDR solutions are not affected and are safe.

“Embargo is one of the postponed groups,” says ESET researcher Jan Holman, who carried out the analysis together with his colleague Tomáš Zvara. “If you no longer engage in a ransomware-as-a-service purchase, then this is the case. If you do, it is Embargo with a ransomware-as-a-service purchase, which your service partner offers.”

Two tools for a great work experience

The hackers rely on two tools: a loader (MDeployer), that is, a program that prepares the installation of the actual malicious code and executes it, and an EDR killer (MS4Killer). The latter is software that deactivates the security software on the target computer. This tactic is being used by more and more ransomware groups.

MDeployer abuses Safe Mode to deactivate security solutions. The loader also brings along MS4Killer, a typical tool of its kind: with the help of the so-called bring-your-own-vulnerable-driver (BYOVD) technique, it switches off EDR solutions. To do this, the tool abuses a vulnerable kernel driver to run its own program code.

Ransomware gangs use BYOVD tools to manipulate the security software that protects the attacked infrastructure. Once these protection mechanisms are disabled, the hackers install the ransomware and activate it. In doing so, the hackers adapt their tools to the specific security solution in use. The tool is written in the Rust programming language.
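
How a defender might look for the two stages described above in endpoint telemetry, as an added example that is not taken from ESET's report: it flags changes to Safe Mode boot settings and suspicious kernel driver loads, and escalates hosts where both appear. The events, host names, hashes, the driver blocklist and the System32 path rule are constructed assumptions.

```python
import re

# Constructed, simplified Sysmon-style events (1 = process create, 6 = driver
# loaded, 13 = registry value set). Hosts, paths and hashes are placeholders.
EVENTS = [
    {"host": "ws01", "id": 1, "cmd": "bcdedit.exe /set {default} safeboot minimal"},
    {"host": "ws01", "id": 13,
     "target": r"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ExampleSvc"},
    {"host": "ws01", "id": 6, "image": r"C:\Users\Public\example.sys",
     "sha256": "PLACEHOLDER_HASH_1"},
    {"host": "ws02", "id": 6, "image": r"C:\Windows\System32\drivers\disk.sys",
     "sha256": "PLACEHOLDER_HASH_2"},
    {"host": "ws03", "id": 6, "image": r"C:\Temp\other.sys",
     "sha256": "PLACEHOLDER_HASH_3"},
]

# Assumptions: a locally maintained blocklist of vulnerable driver hashes, and
# that legitimate drivers on these hosts load from under System32.
VULNERABLE_DRIVER_HASHES = {"PLACEHOLDER_HASH_1"}
DRIVER_ROOT = "c:\\windows\\system32\\"
SAFEBOOT_CMD = re.compile(r"\bbcdedit(\.exe)?\b.*\bsafeboot\b", re.I)
SAFEBOOT_KEY = re.compile(r"\\Control\\SafeBoot\\(Minimal|Network)\\", re.I)
SAFE_MODE = {"safe_mode_boot_changed", "service_registered_for_safe_mode"}
DRIVER = {"blocklisted_driver_loaded", "driver_loaded_from_unusual_path"}

def signals(ev):
    """Return the set of signal names raised by one event."""
    found = set()
    if ev["id"] == 1 and SAFEBOOT_CMD.search(ev.get("cmd", "")):
        found.add("safe_mode_boot_changed")
    if ev["id"] == 13 and SAFEBOOT_KEY.search(ev.get("target", "")):
        found.add("service_registered_for_safe_mode")
    if ev["id"] == 6:
        if ev.get("sha256") in VULNERABLE_DRIVER_HASHES:
            found.add("blocklisted_driver_loaded")
        if not ev.get("image", "").lower().startswith(DRIVER_ROOT):
            found.add("driver_loaded_from_unusual_path")
    return found

def triage(events):
    """Collect signals per host; both stages on one host rate 'high'."""
    per_host = {}
    for ev in events:
        per_host.setdefault(ev["host"], set()).update(signals(ev))
    return {
        host: {"severity": "high" if found & SAFE_MODE and found & DRIVER else "medium",
               "signals": sorted(found)}
        for host, found in per_host.items() if found
    }

if __name__ == "__main__":
    for host, result in triage(EVENTS).items():
        print(host, result)
```

A single signal on its own is common in normal administration, which is why only the combination on one host is rated high here.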

More information can be found in the blog post “Embargo ransomware: Rock’n’Rust” at www.welivesecurity.com/de.

(End)