
Researchers discover a new trick that lets a ransomware attack bypass the antivirus

There is no doubt that ransomware is one of the most serious and, at the same time, most prevalent security threats when surfing the net.

Hackers can encrypt systems and files and then demand a ransom in return. Although we can count on many tools to protect ourselves, the truth is that cybercriminals are always looking for new ways to achieve their goal. In this article we report on a new ransomware trick to bypass security measures.

Ransomware seeks a new way to bypass security

A group of security researchers has detected a series of flaws that could affect security programs. An attacker could disable protection and take full control. The security program would then fail to act properly against ransomware.

Some antivirus products have a protected folder function. These vulnerabilities allow an attacker to break that feature and disable real-time protection. Once again we are faced with the eternal struggle between hackers and protection tools. Here, innovation and the search for possible flaws play a fundamental role for both sides.

This could let a ransomware attack abuse the protected folder feature to change the contents of files, encrypt the victim's data, or even destroy personal information.

Keep in mind that protected folders allow users to select certain files so that they receive additional protection. Basically it is an extra layer of security, since it can block any unwanted access.

They use whitelisted apps

Security researchers indicate that a small group of applications may be whitelisted so that they have privileges and can write to protected folders. However, the applications on this whitelist are not themselves protected against misuse by other programs. This is what would allow malware to perform operations on these protected folders.

They gave as an example the possible exploitation of a legitimate application such as Notepad to carry out write operations and encrypt the victim's files. The ransomware could read those files, encrypt them, and then copy them to the system clipboard. The malicious software then overwrites those files.

They found that they could even use the Paint tool, which is a trusted application, to overwrite users' files with a randomly generated image and permanently destroy the files.
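From the defender's side, the misuse described above can be looked for in file-write telemetry. The following is an added example, not code from the researchers or from any antivirus product: it reviews constructed write events and flags a whitelisted application that overwrites many protected files in a short window or was started by an unexpected program. The event fields, paths, process names, thresholds and the launcher heuristic are all assumptions.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# All names, paths and thresholds below are assumptions made for this example.
PROTECTED = [PureWindowsPath(r"C:\Users\alice\Documents")]
ALLOW_LISTED = {"notepad.exe", "mspaint.exe"}   # apps allowed to write
TRUSTED_LAUNCHERS = {"explorer.exe"}            # expected parent processes
BURST_FILES, BURST_SECONDS = 5, 60              # mass-overwrite threshold

def is_protected(path):
    """True if path is a protected folder or lies inside one."""
    p = PureWindowsPath(path)                   # case-insensitive comparison
    return any(root == p or root in p.parents for root in PROTECTED)

def review(events):
    """Return sorted (pid, reason) findings for whitelisted writers."""
    findings = set()
    writes = defaultdict(list)                  # pid -> [(time, path)]
    for ev in events:
        if ev["image"].lower() not in ALLOW_LISTED or not is_protected(ev["path"]):
            continue
        if ev["parent"].lower() not in TRUSTED_LAUNCHERS:
            findings.add((ev["pid"], "untrusted-launcher"))
        writes[ev["pid"]].append((ev["t"], ev["path"].lower()))
    for pid, items in writes.items():
        items.sort()
        for i, (start, _) in enumerate(items):
            # distinct files written within BURST_SECONDS of this write
            window = {p for t, p in items[i:] if t - start <= BURST_SECONDS}
            if len(window) >= BURST_FILES:
                findings.add((pid, "mass-overwrite"))
                break
    return sorted(findings)

# Constructed sample events (not real telemetry).
SAMPLE = (
    [{"t": 0, "pid": 100, "image": "notepad.exe", "parent": "explorer.exe",
      "path": r"C:\Users\alice\Documents\todo.txt"}]
    + [{"t": 300 + i, "pid": 200, "image": "notepad.exe", "parent": "updater.exe",
        "path": rf"C:\Users\alice\Documents\report{i}.docx"} for i in range(6)]
    + [{"t": 400, "pid": 300, "image": "mspaint.exe", "parent": "explorer.exe",
        "path": r"C:\Users\alice\Pictures\cat.png"}]
)

if __name__ == "__main__":
    for pid, reason in review(SAMPLE):
        print(pid, reason)
```

A single edit by a user (pid 100) produces no finding, while the burst of overwrites from pid 200 is flagged on both counts.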

Ultimately, what we have described reminds us that we should not entrust everything to security tools. It is true that we must always have a good antivirus, for example. But this by itself is not going to prevent us from having certain problems that affect our systems. Vulnerabilities could appear that put our computers at risk and could be exploited, as in this case, to distribute ransomware attacks.

This means that we must always keep our equipment updated, with all the available patches. But without a doubt, common sense is also very important. We must avoid making mistakes that may affect us. It is essential to know if a PDF is safe, for example. Many files we trust could have been tampered with, hence avoiding mistakes is essential.

Date updated: 2021-06-03. Date published: 2021-06-03. Category: Computer class. Author: Oscar olg. Source: softzone