RobbinHood: a very clever ransomware

This RobbinHood gives to no one. Many security products include tamper protection, which makes it very difficult to turn the software off, at least without leaving traces.

Prompt updates also make it harder for attackers to break into vulnerable systems, because they close the security holes before they can be exploited.


Similarly, system services often keep their critical files permanently open, so they cannot easily be deleted or modified, which stops ransomware from destroying them.

But the best one wins...

This could be the difference between a ransom demand you cannot avoid paying, because everything is encrypted, and one you can ignore. If all your important data is gone, your business cannot work.

This is where RobbinHood malware comes in:

Criminals have found a way to bypass all of the above much more easily and gain access to any "secure" system. We put "secure" in quotation marks because we think that is too big a fairy tale for security researchers and pen testers.

The operators of RobbinHood, instead of looking for vulnerabilities in the operating system and the software installed on the system, simply brought their own bug!

How it works is a fascinating story, told in full detail in a report by SophosLabs. If you want more technical details about the attack we describe (in a nutshell) below, see here.

In short, alongside the ransomware the crooks also bundled an old but buggy driver.

The old driver is not malware; it is an official software component for Gigabyte motherboards, so it is digitally signed by the company, and that signature is in turn certified as genuine by Microsoft itself.

So Windows loads the driver because of the signature...

After that everything is easy: as we mentioned, the driver may be genuine, but it contains a bug, which the crooks exploit to trick Windows into letting them load their own unsigned, malicious files!

And the driver gives them low-level access to the kernel, processes and system files, which means they can kill the processes they want and delete files that are normally locked.
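The defensive lesson of the passage above is that a valid signature is not a clean signal on its own: the interesting event is a known-vulnerable signed driver loading, followed by an unsigned driver on the same host. The following added example (not code from the article or from SophosLabs) runs that correlation over constructed, Sysmon Event ID 6-style driver-load records; the driver filenames are labelled placeholders, since the article names no file.

```python
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Placeholder entry: the article does not name the Gigabyte driver, so this is a
# stand-in, not a real indicator. A real deployment would use a published
# vulnerable-driver blocklist.
KNOWN_VULNERABLE_DRIVERS = {"vulnerable_gigabyte_driver_placeholder.sys"}

# Constructed records, flattened to ts|host|ImageLoaded|Signed|Signature|SignatureStatus
# (field names follow Sysmon DriverLoad events; values are made up for the example).
SAMPLE_EVENTS = """\
2020-02-06T10:00:01|WS01|C:\\Windows\\System32\\drivers\\disk.sys|true|Microsoft Windows|Valid
2020-02-06T10:02:15|WS01|C:\\Windows\\Temp\\vulnerable_gigabyte_driver_placeholder.sys|true|Giga-Byte Technology|Valid
2020-02-06T10:02:47|WS01|C:\\Windows\\Temp\\unsigned_payload_placeholder.sys|false|-|Unavailable
2020-02-06T10:05:00|WS02|C:\\Windows\\System32\\drivers\\disk.sys|true|Microsoft Windows|Valid
"""


def parse_events(text):
    """Turn the flattened records into dicts; driver names are lower-cased for matching."""
    events = []
    for line in text.splitlines():
        ts, host, image, signed, signer, status = line.split("|")
        events.append({
            "ts": datetime.fromisoformat(ts),
            "host": host,
            "driver": PureWindowsPath(image).name.lower(),
            "signed": signed == "true",
            "signer": signer,
            "status": status,
        })
    return events


def detect_byovd(events, window=timedelta(minutes=10)):
    """Return (host, vulnerable_driver, unsigned_driver) tuples where a validly signed
    but known-vulnerable driver load is followed within `window` by an unsigned
    driver load on the same host."""
    alerts = []
    staged = {}  # host -> (ts, driver) of the most recent vulnerable-driver load
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["signed"] and ev["status"] == "Valid" and ev["driver"] in KNOWN_VULNERABLE_DRIVERS:
            staged[ev["host"]] = (ev["ts"], ev["driver"])
        elif not ev["signed"] and ev["host"] in staged:
            t0, vuln = staged[ev["host"]]
            if ev["ts"] - t0 <= window:
                alerts.append((ev["host"], vuln, ev["driver"]))
    return alerts


if __name__ == "__main__":
    for host, vuln, payload in detect_byovd(parse_events(SAMPLE_EVENTS)):
        print(f"{host}: signed vulnerable driver {vuln} followed by unsigned {payload}")
```

The unsigned load alone is also worth an alert on a host where driver signature enforcement is expected to be on; the correlation simply raises the confidence.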

Tampering with kernel behaviour in this way can by itself cause a range of problems: programs that stop working properly, corrupted data, or even a BSoD.

But fraudsters do not care.

By the time you notice the first minor problems, the damage is already done, and if the computer is on a network, every system on it will be locked. Only the crooks hold the key to decrypt them.

iGuRu.gr The Best Technology Site in Greece


Written by giorgos
