This devious ransomware changes all your Windows 10 passwords

REvil’s new Safe Mode attack vector is now fully automated


The notorious REvil ransomware has refined its attack vector once again to change the victim’s login password in order to reboot the computer into Windows Safe Mode.

While malicious groups are always updating their attack methodology to counter security measures, the threat actors behind the REvil ransomware are particularly adept at honing their malware to make their attack campaigns more efficient. Security researchers recently accused REvil of targeting Acer’s back office computers, demanding a record $50 million ransom.

Just last month, security researchers learnt of REvil’s new methodology that enabled the threat actors to encrypt their victims’ files by rebooting into Windows Safe Mode.


Not-so-Safe Mode

Researchers believed this new attack strategy was designed as a means to bypass detection by Windows security mechanisms as well as any other protections employed by the user.

Safe Mode also ensured the ransomware wouldn’t be interrupted by processes with higher privileges, such as backups and servers.

Although that’s quite a novel approach, it relied upon someone to manually reboot Windows into Safe Mode. The new changes, as reported by Bleeping Computer, automate the process.

The latest version of the ransomware will first change the user password, reportedly to DTrump4ever, and then reconfigure a few registry values to enable Windows to automatically log in with the updated authentication information.
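A defender can audit hosts for this state. The following is an added example, not code from the article or from Bleeping Computer: it parses `reg query` output for the Winlogon key and flags enabled autologon with a stored password. The value names `AutoAdminLogon`, `DefaultUserName` and `DefaultPassword` are the standard Windows autologon values and are an assumption here, since the article does not name the registry values; the sample dumps are constructed.

```python
import re

# Standard Windows autologon values live under
# HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon. The article does
# not name the values REvil sets; using these is an assumption of this example.
REPORTED_PASSWORD = "DTrump4ever"  # password reported in the article

# One value line of `reg query` output: indented name, type, optional data.
LINE = re.compile(r"^\s+(?P<name>.+?)\s{4}(?P<type>REG_[A-Z_]+)(?:\s{4}(?P<data>.*))?$")

def parse_reg_query(text):
    """Parse `reg query` output into {lowercased value name: data}."""
    values = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            values[m.group("name").lower()] = (m.group("data") or "").strip()
    return values

def audit_autologon(text):
    """Return findings for one host's Winlogon key dump (empty list if clean)."""
    v = parse_reg_query(text)
    if v.get("autoadminlogon") != "1":
        return []  # autologon disabled: nothing to report
    findings = ["autologon enabled for " + v.get("defaultusername", "<unset>")]
    password = v.get("defaultpassword")
    if password:
        findings.append("plaintext DefaultPassword stored in registry")
        if password == REPORTED_PASSWORD:
            findings.append("DefaultPassword matches password reported for REvil")
    return findings

# Constructed sample dumps (not captured from a real host).
CLEAN = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    AutoAdminLogon    REG_SZ    0
    DefaultUserName    REG_SZ    alice
    Shell    REG_SZ    explorer.exe
"""
TAMPERED = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    AutoAdminLogon    REG_SZ    1
    DefaultUserName    REG_SZ    alice
    DefaultPassword    REG_SZ    DTrump4ever
"""

if __name__ == "__main__":
    for name, dump in (("clean", CLEAN), ("tampered", TAMPERED)):
        print(name, audit_autologon(dump))
```

Autologon is sometimes enabled legitimately (kiosks, lab machines), so a finding is most useful when compared against a known baseline for the host.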


Via: BleepingComputer

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.
