Windows Kernel Drivers Used in BlackCat Attacks

25-May-23

The BlackCat ransomware has been observed using a Windows kernel driver to evade detection by security software; this activity was first discovered in February. The driver in use is an enhanced variant of the POORTRY malware, which Microsoft, Mandiant, Sophos, and SentinelOne detected during ransomware attacks last year.

POORTRY is a Windows kernel driver signed with keys from legitimate Windows Hardware Developer Programme accounts that had been compromised. The UNC3944 hacking collective had previously used this driver to disable security software on targeted machines. When attackers later tried to employ POORTRY, they found that security software had a very high detection rate for this malware because of the publicity it had received and the revocation of its code-signing keys.
