Kasseika Ransomware Employing BYOVD Trick to Bypass Security Pre-Encryption Measures
A new ransomware threat has emerged which, like many others, aims to seize control of your files. It stands out, however, by using an unconventional tactic: abusing a legitimate antivirus driver (a "bring your own vulnerable driver", or BYOVD, attack). Specifically, it abuses the Martini.sys/viragt64.sys driver, which is part of TG Soft's VirIT Agent antivirus.
By abusing this driver, it manages to disable the security program, rendering it non-functional and unable to detect the threat. According to the researchers behind this discovery, the Kasseika ransomware shares significant similarities with BlackMatter, suggesting a possible common origin in their development.
How exactly does this threat spread? It begins with a phishing email, a classic method of obtaining access credentials. From there, it uses the Windows PsExec tool to run malicious .bat files. In this process it checks for the Martini.exe process and terminates it; if it is not found, the infection does not proceed.
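The infection chain just described leaves three distinct traces on an endpoint: a .bat file launched through PsExec, the Martini.exe antivirus process being terminated, and the Martini.sys/viragt64.sys driver being loaded. The following is an added example (not code from the article, from TG Soft, or from the researchers who analysed Kasseika) that correlates those three stages per host over Sysmon-style event records. The event field names (EventID 1, 5 and 6; Image, ParentImage, CommandLine, ImageLoaded, Computer), the PSEXESVC.exe service name used to match the remote PsExec side, and all sample events and file paths are assumptions constructed for the example; the only indicators taken from the article are the two driver names, the Martini.exe process and PsExec running a .bat file.

```python
"""Correlate the Kasseika-style BYOVD chain across Sysmon-like events.

Added example; not the article's or any vendor's code. Event shapes,
paths and host names below are constructed for illustration.
"""
from collections import defaultdict
from typing import Dict, Iterable, List, Optional

# Driver file names the article identifies as the abused VirIT Agent driver.
ABUSED_DRIVERS = {"martini.sys", "viragt64.sys"}
# Antivirus process the article says the ransomware terminates first.
AV_PROCESS = "martini.exe"
# PsExec binaries (assumption): the operator-side tool and the service it
# installs on the target host.
PSEXEC_IMAGES = {"psexec.exe", "psexec64.exe", "psexesvc.exe"}
REQUIRED_STAGES = {"psexec_bat", "av_terminated", "driver_loaded"}


def basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def classify(event: Dict) -> Optional[str]:
    """Map one event to a stage of the chain, or None if it is unrelated."""
    eid = event.get("EventID")
    if eid == 1:  # process creation
        parent = basename(event.get("ParentImage", ""))
        cmd = event.get("CommandLine", "").lower()
        if parent in PSEXEC_IMAGES and ".bat" in cmd:
            return "psexec_bat"
    elif eid == 5:  # process terminated
        if basename(event.get("Image", "")) == AV_PROCESS:
            return "av_terminated"
    elif eid == 6:  # driver loaded
        if basename(event.get("ImageLoaded", "")) in ABUSED_DRIVERS:
            return "driver_loaded"
    return None


def stages_by_host(events: Iterable[Dict]) -> Dict[str, List[str]]:
    """Collect the chain stages observed on each host, in event order."""
    stages: Dict[str, List[str]] = defaultdict(list)
    for ev in events:
        stage = classify(ev)
        if stage:
            stages[ev["Computer"]].append(stage)
    return dict(stages)


def find_byovd_chains(events: Iterable[Dict]) -> Dict[str, List[str]]:
    """Hosts on which all three stages of the chain were observed."""
    return {h: s for h, s in stages_by_host(events).items()
            if REQUIRED_STAGES <= set(s)}


def driver_only_hosts(events: Iterable[Dict]) -> List[str]:
    """Hosts that loaded the driver without the other stages.

    The driver is a legitimate VirIT Agent component, so these hosts are
    triage candidates (is the product actually installed there?), not
    confirmed infections.
    """
    return sorted(h for h, s in stages_by_host(events).items()
                  if set(s) == {"driver_loaded"})


# Constructed sample events: WS-01 shows the full chain, WS-02 only a
# driver load (e.g. a genuine antivirus install), WS-03 a PsExec command
# that does not run a batch file.
SAMPLE_EVENTS = [
    {"Computer": "WS-01", "EventID": 1, "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Windows\PSEXESVC.exe",
     "CommandLine": r"cmd.exe /c C:\Temp\run.bat"},
    {"Computer": "WS-01", "EventID": 5,
     "Image": r"C:\Program Files\VirIT\Martini.exe"},  # placeholder path
    {"Computer": "WS-01", "EventID": 6,
     "ImageLoaded": r"C:\Windows\Temp\Martini.sys"},
    {"Computer": "WS-02", "EventID": 6,
     "ImageLoaded": r"C:\Windows\System32\drivers\viragt64.sys"},
    {"Computer": "WS-03", "EventID": 1, "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Windows\PSEXESVC.exe",
     "CommandLine": "cmd.exe /c whoami"},
]

if __name__ == "__main__":
    print("full chain:", find_byovd_chains(SAMPLE_EVENTS))
    print("driver load only:", driver_only_hosts(SAMPLE_EVENTS))
```

Requiring all three stages on the same host keeps the alert specific: a driver-load event alone is expected wherever the VirIT Agent is legitimately installed, while the combination of the antivirus process being killed and the driver being loaded from an unusual location after a PsExec-launched batch file is the pattern the article describes.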
The main goal is to disable the antivirus and then launch the ransomware, which uses the ChaCha20 and RSA algorithms to encrypt files. As usual, the attackers demand a ransom, this time a substantial sum in bitcoin.
Faced with this threat, how can you protect yourself? First and foremost, common sense plays a crucial role, especially in identifying and avoiding phishing attacks via emails. Never share sensitive data through these channels without verifying the authenticity of the sender. Additionally, it is essential to keep the system always updated to prevent the exploitation of vulnerabilities by cybercriminals.
Even though security drivers can be abused in this way, having a robust antivirus remains essential. Regularly check the status and effectiveness of your security software. In summary, Kasseika is a dangerous ransomware that can neutralize antivirus products by abusing their own drivers. Adequately protecting your devices and following good security practices are key to avoiding such threats.