Wednesday, April 28, 2021

REvil Ransomware Now Able To Change Windows Passwords And Automate File Encryption In Safe Mode


The REvil Ransomware recently received an update that effectively allows malicious hackers to change Windows passwords, as well as automate a system’s file encryption via Safe Mode directly after that.

According to Bleeping Computer, the update was reportedly added in an effort to help these actors evade detection and to shut off backup software and database servers when encrypting the target’s files. Breaking down the update further, the new REvil ransomware reportedly changes the user’s password to “DTrump4ever” when the -smode argument is used.

As dastardly as this ransomware is, the silver lining in all this is that the affected person would still need to manually log in to Windows Safe Mode before the encryption can occur, and that alone could tip off the victim to the ransomware’s actions.

Of course, it should surprise no one that this isn’t the first time REvil has been cast into the spotlight. Last month, the hacker collective claimed responsibility for attacking the Taiwanese tech brand, Acer, and holding their servers hostage to the tune of US$50 million (~RM206 million).

In addition to the attack, the group also warned victims that it would not think twice about launching DDoS attacks on them or email their business partners about their activities. Should they choose not to pay the ransom.

No comments:

Post a Comment

Quest VR Headsets To No Longer Require A Facebook Account For Login

Meta has recently announced that a Facebook account is no longer needed for Quest VR headset logins. Instead, owners are now required to cre...