In a new development, attackers deploying the BlackCat ransomware have started using a signed kernel driver to deploy their malicious payloads. This discovery was made by cybersecurity firm MalwareHunterTeam, which noticed that the latest version of BlackCat was using a signed .sys driver, making it easier to bypass security programs.
By using this signed driver, the ransomware is able to bypass User Account Control (UAC) to gain privileges without needing to be run as administrator. This makes BlackCat much more effective at infiltrating protected networks and encrypting vulnerable machines. Once inside the network, BlackCat can carry out its payload, encrypting data and making files inaccessible until a ransom is paid.
Unfortunately, this particular type of ransomware is known for being highly complex and destructive. Fortunately, MalwareHunterTeam has reported that the driver being used is an old version and is no longer digitally signed. This means that it is potentially less dangerous than it could have been.
However, it pays to remain vigilant when it comes to cyber threats like ransomware. Network administrators should ensure that their antivirus programs are up to date with the latest signatures and that operations remain secure. It is also advised to make sure critical files and data are backed up in a safe and secure location, so that they can be restored should the situation ever arise.
No one is immune to cyberattacks, but the more prepared you are, the better chance you have of protecting your organization.