Just heard Whirlpool hit in Nefilim ransomware attack (28th Dec 2020)

Preface: Have you ever wondered about this? Tools such as Mimikatz and PsExec.exe are detected by antivirus. So how does ransomware disable antivirus?

Technical Reference: Malware can no longer disable Microsoft Defender via the Registry. This increases the difficulty of evading the defense mechanism, but ransomware still causes great damage and has wreaked havoc on the digital world.

The most common ransomware attack vectors are:

  • Remote desktop protocol (RDP).
  • Email phishing.
  • Software vulnerabilities.
  • Malicious code hidden on websites.
  • Malicious email links.

How does ransomware disable antivirus?

It depends on the vulnerability in the operating system, software application, etc. For more details, please refer to the attached diagram. In addition, hackers exploiting a vulnerability in a legitimate (.SYS) driver to gain kernel access is another way. As a result, the ransomware installs a legitimate driver and uses it to kill antivirus services.
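From the defender's side, the driver-abuse path described above leaves traces in the Windows System log: a new kernel-mode driver service is registered (Event ID 7045) and, later, security services change state (Event ID 7040). The script below is an added example written for this post, not code from the article or from any vendor; it assumes the events were exported into a simple constructed "EventID|message" text format, and the antivirus service display names it watches for are assumptions (adjust them to your environment).

```python
import re
from dataclasses import dataclass

# Constructed sample lines modelled on the message text of Windows System log
# events 7045 (a service was installed) and 7040 (service start type changed).
# File names and service names here are made up for the example.
SAMPLE_EVENTS = [
    "7045|Service Name: SomeUserSvc|Service File Name: C:\\Windows\\System32\\svchost.exe -k netsvcs|Service Type: user mode service|Service Start Type: auto start",
    "7045|Service Name: example_legit|Service File Name: C:\\Users\\Public\\example_legit.sys|Service Type: kernel mode driver|Service Start Type: demand start",
    "7045|Service Name: acpiex|Service File Name: \\SystemRoot\\System32\\drivers\\acpiex.sys|Service Type: kernel mode driver|Service Start Type: boot start",
    "7040|The start type of the Windows Defender Antivirus Service service was changed from auto start to disabled.",
    "7040|The start type of the Print Spooler service was changed from auto start to demand start.",
]

# Assumed display names of the security services we care about.
AV_SERVICE_NAMES = {
    "Windows Defender Antivirus Service",
    "Windows Defender Antivirus Network Inspection Service",
}
# Kernel drivers normally live here; anything else deserves a look.
TRUSTED_DRIVER_DIRS = (
    "\\systemroot\\system32\\drivers\\",
    "c:\\windows\\system32\\drivers\\",
)
# Path fragments typical of user-writable locations.
USER_WRITABLE_HINTS = ("\\users\\", "\\temp\\", "\\programdata\\")


@dataclass
class Alert:
    severity: str   # "high" or "info"
    event_id: int
    reason: str
    detail: str


def parse_7045(body: str) -> dict:
    """Split 'Key: Value|Key: Value' into a dict (first ': ' separates key and value)."""
    fields = {}
    for part in body.split("|"):
        key, _, value = part.partition(": ")
        fields[key.strip()] = value.strip()
    return fields


def analyze(lines):
    """Return alerts for suspicious driver installs and disabled security services."""
    alerts = []
    for line in lines:
        eid_str, _, body = line.partition("|")
        eid = int(eid_str)
        if eid == 7045:
            f = parse_7045(body)
            if f.get("Service Type", "").lower() != "kernel mode driver":
                continue  # user-mode services are out of scope for this rule
            image = f.get("Service File Name", "").strip('"').lower()
            in_trusted = any(image.startswith(d) for d in TRUSTED_DRIVER_DIRS)
            user_writable = any(h in image for h in USER_WRITABLE_HINTS)
            if user_writable or not in_trusted:
                alerts.append(Alert("high", eid,
                                    "kernel driver installed outside the system drivers directory",
                                    f"{f.get('Service Name')} -> {image}"))
            else:
                # Still worth recording: new kernel drivers should be rare on a stable host.
                alerts.append(Alert("info", eid, "kernel driver installed (inventory)",
                                    f"{f.get('Service Name')} -> {image}"))
        elif eid == 7040:
            m = re.match(r"The start type of the (.+?) service was changed from (.+?) to (.+?)\.$", body)
            if m and m.group(1) in AV_SERVICE_NAMES and m.group(3) == "disabled":
                alerts.append(Alert("high", eid, "security service start type set to disabled",
                                    m.group(1)))
    return alerts


if __name__ == "__main__":
    for a in analyze(SAMPLE_EVENTS):
        print(f"[{a.severity.upper()}] {a.event_id}: {a.reason} ({a.detail})")
```

On the constructed sample this raises two high-severity alerts (a kernel driver loaded from a user-writable folder, and the Defender service being disabled) and one informational inventory entry for the in-place system driver. In practice, feed it the 7045/7040 events from your SIEM export and tune the trusted directories and service names to your baseline.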

Headline News: Home appliance giant Whirlpool hit in Nefilim ransomware attack – https://www.bleepingcomputer.com/news/security/home-appliance-giant-whirlpool-hit-in-nefilim-ransomware-attack/
