Ransomware Identifying Ransomware’s Stealthy Boot Configuration Edits

Thread starter MuzzMelbourne
Start date Apr 30, 2022

MuzzMelbourne

Level 15

Thread author

Verified

Top Poster

Well-known

Apr 30, 2022

#1

The research by Binary Defense entails the various threat hunting techniques and detections for a regularly reported Ransomware-as-a-Service (RaaS) methodology. Using the built-in Windows programme bcdedit.exe (Boot Configuration Data Edit), threat actors have been spotted changing boot loader configurations to:

Modify Boot Status Policies

Disable Recovery Mode

Enable Safe Mode

www.cysecurity.news

Identifying Ransomware’s Stealthy Boot Configuration Edits

Threat actors have been spotted changing boot loader configurations, read on to know more.

www.cysecurity.news

Reactions: Destroyinu, Trooper, Zartarra and 7 others

DDE_Server

Level 22

Verified

Top Poster

Well-known

May 1, 2022

#2

Excellent Article thanks for sharing

Reactions: MuzzMelbourne

Similar threads

M

Threat actors misusing Quick Assist in social engineering attacks leading to ransomware

Microsoft Threat Intelligence
May 16, 2024
Microsoft Defender

Replies: 0

Views: 427

Microsoft Defender May 16, 2024

Microsoft Threat Intelligence

M

Serious Discussion Harmony Endpoint by Check Point

31 32 33 34 35

Replies: 685

Views: 59,002

Other security for Windows, Mac, Linux Nov 3, 2024

simmerskool

Harden Windows Security | Only with official documented methods | Always up to date

2 3 4

Replies: 75

Views: 13,854

Other security for Windows, Mac, Linux Feb 7, 2024

Warencom

W

Top