This devious ransomware changes all your Windows 10 passwords

Ransomware
(Image credit: Shutterstock)
Audio player loading…

The notorious REvil ransomware (opens in new tab) has refined its attack vector once again to change the victim's login password (opens in new tab) in order to reboot the computer into Windows (opens in new tab) Safe Mode.

While malicious groups are always updating their attack methodology to counter security measures, the threat actors behind the REvil ransomware are particularly adept at honing their malware (opens in new tab) to make their attack campaigns more efficient. Security researchers recently accused REvil of targeting Acer’s back office computers, demanding a record $50 million ransom (opens in new tab).

Just last month security researchers learnt of REvil’s new methodology that enabled the threat actors to encrypt their victim’s file by rebooting into the Windows Safe Mode.

TechRadar needs yo...

We're looking at how our readers use VPN for a forthcoming in-depth report. We'd love to hear your thoughts in the survey below. It won't take more than 60 seconds of your time.

>> Click here to start the survey in a new window (opens in new tab)<<

Not-so-Safe Mode

Researchers believed this new attack strategy was designed as a means to bypass detection by Windows security mechanisms as well as any other protections employed by the user. 

The Safe Mode also ensured the ransomware wouldn’t be interrupted by processes with higher privileges such as backups (opens in new tab), and servers.

Although that’s quite a novel approach, it relied upon someone to manually reboot Windows into the Safe Mode. The new changes as reported by Bleeping Computer however automates the process. 

The latest version of the ransomware will first change the user password, reportedly to DTrump4ever, and then reconfigure a few registry values to enable Windows to automatically login with the updated authentication information.

Via: BleepingComputer (opens in new tab)

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.