Kasseika, a ransomware gang, has become the latest to leverage the Bring Your Own Vulnerable Driver (BYOVD) assault to disable security-related processes on compromised Windows hosts, following groups such as Akira, AvosLocker, BlackByte, and RobbinHood.
Trend Micro claimed in a research that the technique enables “threat actors to terminate antivirus processes and services in order to deploy ransomware.”
Kasseika, identified by the cybersecurity firm in mid-December 2023, shares similarities with the now-defunct BlackMatter, which formed following DarkSide’s disintegration.
Given that the source code of BlackMatter was never made public after its demise in November 2021, there is evidence to imply that the ransomware strain may have been created by an experienced threat actor who purchased or secured access to the code.
Modus operandi
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: