BYOVD attacks deployed by novel Kasseika ransomware

BleepingComputer reports that the newly emerged Kasseika ransomware operation is disabling antivirus software with Bring Your Own Vulnerable Driver (BYOVD) attacks that abuse the Martini driver of TG Soft's VirtIT Agent System. According to a Trend Micro report, the attackers first obtain targets' account credentials through phishing emails, then use the Windows PsExec tool to run a malicious batch file that terminates the "Martini.exe" process and downloads a vulnerable "Martini.sys" driver. Loading that driver not only shuts down antivirus processes but also paves the way for the Kasseika ransomware payload, whose file encryption routine resembles that of BlackMatter ransomware; after encryption, the malware deletes system event logs to further conceal its activity. Researchers also found that organizations hit by Kasseika were asked for a ransom of 50 Bitcoins, or $2 million, with each day of delayed payment adding a further $500,000.
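The chain described above (remote execution via PsExec, a vulnerable driver loaded from an unusual location, then event logs cleared) leaves a recognizable footprint in endpoint telemetry. The following detection logic is an added example, not code from SC Media, BleepingComputer or Trend Micro; it correlates Sysmon process-create (Event ID 1) and driver-load (Event ID 6) records with the Windows Security "audit log cleared" event (Event ID 1102) per host inside a time window. The host names, timestamps, paths and the `SAMPLE_EVENTS` list are constructed, and the `WATCHED_DRIVERS` set is an assumed defender-maintained list seeded with the driver name from the report.

```python
"""Correlate PsExec service start, watched driver load and log clearing per host.

Added example for the Kasseika BYOVD chain. Event records are constructed and
shaped loosely after Sysmon / Windows Security log fields; adapt the field
names to your SIEM's schema.
"""
from datetime import datetime, timedelta

# Driver file names to watch. "martini.sys" is the name from the report; a real
# deployment would extend this from a vulnerable-driver blocklist (assumption).
WATCHED_DRIVERS = {"martini.sys"}

# Constructed sample telemetry. ws01 shows the full chain; ws02 shows only a
# driver load from the normal drivers directory (likely a legitimate install).
SAMPLE_EVENTS = [
    {"ts": "2024-01-23T09:00:00", "host": "ws01", "source": "sysmon", "id": 1,
     "image": "C:\\Windows\\PSEXESVC.exe"},
    {"ts": "2024-01-23T09:00:05", "host": "ws01", "source": "sysmon", "id": 1,
     "image": "C:\\Windows\\System32\\cmd.exe"},
    {"ts": "2024-01-23T09:00:20", "host": "ws01", "source": "sysmon", "id": 6,
     "image": "C:\\Users\\Public\\Martini.sys"},
    {"ts": "2024-01-23T09:30:00", "host": "ws01", "source": "security", "id": 1102},
    {"ts": "2024-01-23T10:00:00", "host": "ws02", "source": "sysmon", "id": 6,
     "image": "C:\\Windows\\System32\\drivers\\Martini.sys"},
]


def _basename(path):
    """Return the lower-cased file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def classify(event):
    """Map one raw event to a stage of the chain, or None if it is irrelevant."""
    if event["source"] == "sysmon" and event["id"] == 6:
        if _basename(event["image"]) in WATCHED_DRIVERS:
            return "watched_driver_load"
    elif event["source"] == "sysmon" and event["id"] == 1:
        # PSEXESVC.exe is the service binary PsExec drops on the remote host.
        if _basename(event["image"]) == "psexesvc.exe":
            return "psexec_service"
    elif event["source"] == "security" and event["id"] == 1102:
        return "log_cleared"
    return None


def detect(events, window=timedelta(hours=1)):
    """Return one alert per watched driver load, scored by how much of the
    chain surrounds it: PsExec shortly before, log clearing shortly after."""
    by_host = {}
    for event in events:
        stage = classify(event)
        if stage:
            stamp = datetime.fromisoformat(event["ts"])
            by_host.setdefault(event["host"], []).append((stamp, stage, event["image"] if "image" in event else ""))

    alerts = []
    for host, staged in by_host.items():
        staged.sort()
        for ts, stage, image in staged:
            if stage != "watched_driver_load":
                continue
            seen = {stage}
            for other_ts, other, _ in staged:
                if other == "psexec_service" and ts - window <= other_ts <= ts:
                    seen.add(other)
                if other == "log_cleared" and ts <= other_ts <= ts + window:
                    seen.add(other)
            severity = {1: "medium", 2: "high", 3: "critical"}[len(seen)]
            alerts.append({
                "host": host,
                "driver_path": image,
                "driver_loaded_at": ts.isoformat(),
                "stages": sorted(seen),
                "severity": severity,
            })
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Matching on the driver's file name alone will also flag a legitimate VirtIT Agent System installation, which is why the ws02 alert stays at "medium": the vulnerable driver carries a valid vendor signature, so triage should weigh the load path (a user-writable directory rather than the drivers directory), the file hash against a blocklist, and the surrounding PsExec and log-clearing activity rather than the name.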
