Kasseika Ransomware Using BYOVD Trick to Disarm Security Pre-Encryption

January 24, 2024 at 07:06AM Kasseika, a new ransomware group, has adopted the Bring Your Own Vulnerable Driver (BYOVD) attack to evade security processes on Windows hosts, demonstrating similarities with the now-defunct BlackMatter. Their attack chain begins with a phishing email, followed by deploying remote administration tools and executing a malicious batch script. The ransomware …

Kasseika ransomware uses antivirus driver to kill other antiviruses

January 23, 2024 at 03:04PM A ransomware operation called ‘Kasseika’ has emerged, employing Bring Your Own Vulnerable Driver (BYOVD) tactics to disable antivirus software before encrypting files. It abuses a vulnerable driver to disable antivirus products protecting the system. Similarities with BlackMatter indicate possible connections. Victims are given 72 hours to deposit 50 Bitcoins, with …

Kasseika Ransomware Deploys BYOVD Attacks, Abuses PsExec and Exploits Martini Driver 

January 23, 2024 at 03:14AM The Kasseika ransomware group has been observed deploying BYOVD attacks, utilizing PsExec and exploiting the Martini driver. It is suggested that the group may have acquired access to the source code of BlackMatter ransomware. The attack chain involves targeted phishing for initial access followed by remote administration tools and defense evasion …