REvil ransomware has a new ‘Windows Safe Mode’ encryption mode

silversurfer

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,136
Content source
https://www.bleepingcomputer.com/news/security/revil-ransomware-has-a-new-windows-safe-mode-encryption-mode/
The REvil ransomware operation has added a new ability to encrypt files in Windows Safe Mode, likely to evade detection by security software and for greater success when encrypting files.

Windows Safe Mode is a special startup mode that allows users to run administrative and diagnostic tasks on the operating system. This mode only loads the bare minimum of software and drivers required for the operating system to work.

Furthermore, any programs installed in Windows that are configured to start automatically will not start in Safe Mode unless their autorun is configured a certain way.
Click to expand...
In a new sample of the REvil ransomware discovered by MalwareHunterTeam, a new -smode command-line argument was added that forces the computer to reboot into Safe Mode before encrypting a device.
Click to expand...
www.bleepingcomputer.com

REvil ransomware has a new ‘Windows Safe Mode’ encryption mode

The REvil ransomware operation has added a new ability to encrypt files in Windows Safe Mode, likely to evade detection by security software and for greater success when encrypting files.
www.bleepingcomputer.com www.bleepingcomputer.com
 
  • Wow
  • Like
  • Thanks
Reactions: upnorth, Venustus, ForgottenSeer 85179 and 6 others
You must log in or register to reply here.

Similar threads

MuzzMelbourne
    • Like
    • Applause
New ransomware decryptor recovers data from partially encrypted files
Replies
0
Views
1,151
News Archive
MuzzMelbourne
MuzzMelbourne
silversurfer
    • Like
    • +Reputation
    • Thanks
Hackers Exploit Windows Policy Loophole to Forge Kernel-Mode Driver Signatures
Replies
0
Views
1,130
News Archive
silversurfer
silversurfer
CyberTech
    • Like
    • Wow
    • +Reputation
New ransomware strain exploits Windows search tool Everything
Replies
16
Views
1,012
News Archive
simmerskool
simmerskool

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top