This devious ransomware changes all your Windows 10 passwords

(Image credit: Shutterstock)

The notorious REvil ransomware has refined its attack vector once again to change the victim's login password in order to reboot the computer into Windows Safe Mode.

While malicious groups are always updating their attack methodology to counter security measures, the threat actors behind the REvil ransomware are particularly adept at honing their malware to make their attack campaigns more efficient. Security researchers recently accused REvil of targeting Acer’s back office computers, demanding a record $50 million ransom.

Just last month security researchers learnt of REvil’s new methodology that enabled the threat actors to encrypt their victim’s file by rebooting into the Windows Safe Mode.

TechRadar needs yo...

We're looking at how our readers use VPN for a forthcoming in-depth report. We'd love to hear your thoughts in the survey below. It won't take more than 60 seconds of your time.

>> Click here to start the survey in a new window<<

Not-so-Safe Mode

Researchers believed this new attack strategy was designed as a means to bypass detection by Windows security mechanisms as well as any other protections employed by the user. 

The Safe Mode also ensured the ransomware wouldn’t be interrupted by processes with higher privileges such as backups, and servers.

Although that’s quite a novel approach, it relied upon someone to manually reboot Windows into the Safe Mode. The new changes as reported by Bleeping Computer however automates the process. 

The latest version of the ransomware will first change the user password, reportedly to DTrump4ever, and then reconfigure a few registry values to enable Windows to automatically login with the updated authentication information.

Via: BleepingComputer

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.