Akira ransomware abuses CPU tuning tool to disable Microsoft Defender
The title is slightly provocative, because the article it refers to tells a somewhat different story:
However, based on several GuidePoint Incident Response cases in recent months, we have detected the repeated use of two Windows drivers by Akira affiliates. These drivers have almost certainly been used to facilitate AV/EDR evasion or disablement through a Bring Your Own Vulnerable Driver (BYOVD) exploitation chain.
GRITREP: Observed Malicious Driver Use Associated with Akira SonicWall Campaign
GRIT has observed Akira affiliates exploiting two common drivers as part of a suspected AV/EDR evasion effort. Take action.
www.guidepointsecurity.com
Next, the authors give some details on the malware sample as it relates to Microsoft Defender. As in many other such articles, the attack can hardly happen against home users.
The method noted in the article (disabling Microsoft Defender via the DisableAntiSpyware setting of Windows Defender) is blocked by tamper protection, which is available in all editions of Windows 10, version 1903 and later.
The attack also uses a legitimate driver (ThrottleStop) to load the malicious driver as a service. Such attacks are blocked when Core Isolation is enabled.
Anyway, the attacks can impact many enterprises that use older Windows versions.
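To turn the points above into something checkable, here is an added, read-only PowerShell audit (written for this note, not code from the post or from the GuidePoint report) that reports the state of the protections the post says stop this chain: Defender tamper protection, the DisableAntiSpyware policy value, Core Isolation (HVCI), the Microsoft vulnerable driver blocklist, and whether any kernel driver service with "ThrottleStop" in its path is present. The ThrottleStop name match is an assumption, since the post does not name the driver file; run the script as Administrator.

```powershell
# Added example, not from the post or the GuidePoint report. Read-only audit of the
# controls the post names; registry paths are the documented Defender / Device Guard /
# Code Integrity locations. Run as Administrator.
$results = [ordered]@{}

# 1. Defender tamper protection: this is what blocks the DisableAntiSpyware route.
$mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
$results['TamperProtection']   = if ($mp) { [bool]$mp.IsTamperProtected } else { 'Defender cmdlets unavailable' }
$results['RealTimeProtection'] = if ($mp) { [bool]$mp.RealTimeProtectionEnabled } else { 'n/a' }

# 2. Has DisableAntiSpyware been set by policy? A value of 1 is the state an attacker wants.
$pol = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender' -ErrorAction SilentlyContinue
$results['DisableAntiSpywarePolicy'] = if ($null -ne $pol.DisableAntiSpyware) { $pol.DisableAntiSpyware } else { 'not set' }

# 3. Core Isolation / HVCI running? SecurityServicesRunning contains 2 when HVCI is active.
$dg = Get-CimInstance -Namespace root\Microsoft\Windows\DeviceGuard -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
$results['HVCIRunning'] = if ($dg) { [bool]($dg.SecurityServicesRunning -contains 2) } else { 'unknown' }

# 4. Microsoft vulnerable driver blocklist, the BYOVD control that ships with Core Isolation.
$ci = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config' -ErrorAction SilentlyContinue
$results['VulnerableDriverBlocklist'] = if ($null -ne $ci.VulnerableDriverBlocklistEnable) { [bool]$ci.VulnerableDriverBlocklistEnable } else { 'not set' }

# 5. Any kernel driver service whose binary path mentions ThrottleStop. The name match is an
#    assumption; the driver is legitimate on a tuning workstation but out of place on a server.
$susp = Get-CimInstance -ClassName Win32_SystemDriver | Where-Object { $_.PathName -match 'ThrottleStop' }
$results['ThrottleStopDriverPresent'] = if ($susp) {
    ($susp | ForEach-Object { "$($_.Name) [$($_.State)] $($_.PathName)" }) -join '; '
} else { 'none' }

[pscustomobject]$results | Format-List
```

Any host that reports TamperProtection False, HVCIRunning False, or VulnerableDriverBlocklist not set is in the position the post describes, regardless of Windows version.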
