AvosLocker Ransomware Completes Attack in Just 5 Seconds Using Windows Safe Mode, AnyDesk Admin Tool


Although this ransomware is considered a newcomer, experts claimed it could pose severe security risks to its victims.

First discovered by Sophos, this new ransomware combines the AnyDesk remote administration tool and the Windows Safe Mode feature to bypass the security protections of PCs and laptops.

"Sophos discovered that the AvosLocker attackers installed AnyDesk so it works in Safe Mode, tried to disable the components of security solutions that run in Safe Mode, and then ran the ransomware in Safe Mode," explained Sophos Director of Incident Response, Peter Mackenzie.

AvosLocker Ransomware's Severity

According to Global Newswire's latest report, the new PC ransomware uses Safe Mode and AnyDesk to give hackers full remote access to their victims' devices.


Peter added, via ZDNet, that AvosLocker also reuses methods that were used by other ransomware gangs. As of the moment, the malicious actors behind this new human-operated computer virus are trying to surpass REvil, one of the most notorious international cybercriminal groups.

Security experts also believe they are looking for online attacking partners, such as access brokers selling hacked gadgets. As of the moment, no massive breach linked to AvosLocker has been recorded yet.

AvosLocker Completes Attack in Just 5 Secs?

Sophos explained that the hackers behind the new ransomware send consecutive commands that will launch the computer virus. After that, the laptop or PC of the victim would reboot into Safe Mode.

The command sequence is estimated to take only five seconds. If this is true, then users would definitely have no idea when their gadgets are being breached.
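As an added example (not from the original article or from Sophos), here is a defender-side check for the Safe Mode abuse described above. Windows starts in Safe Mode only the drivers and services registered under the SafeBoot registry key, so this Python code parses a `reg export` of that key and reports entries that differ from a known-good baseline. The sample export, the baseline and the `ExampleEDRSvc` name are constructed for illustration.

```python
import re

# Windows starts in Safe Mode only the drivers and services listed under this key
# (Minimal = Safe Mode, Network = Safe Mode with Networking).
SAFEBOOT = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot"
SECTION = re.compile(r"^\[(.+)\]$")
DEFAULT = re.compile(r'^@="(.*)"$')

def safeboot_entries(reg_text):
    """Parse `reg export` text into {(mode, name): kind}, e.g. kind 'Service'."""
    entries, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            path, current = m.group(1), None
            if path.upper().startswith(SAFEBOOT.upper() + "\\"):
                parts = path[len(SAFEBOOT) + 1:].split("\\")
                if len(parts) == 2 and parts[0].lower() in ("minimal", "network"):
                    current = (parts[0].lower(), parts[1].lower())
                    entries[current] = ""
            continue
        m = DEFAULT.match(line)
        if m and current:
            entries[current] = m.group(1)
    return entries

def drift(entries, baseline):
    """Return (added, removed) entry keys relative to a known-good baseline."""
    seen = set(entries)
    return sorted(seen - baseline), sorted(baseline - seen)

# Constructed sample and baseline ("exampleedrsvc" is a hypothetical security agent).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AnyDesk]
@="Service"
'''
BASELINE = {("network", "dhcp"), ("network", "exampleedrsvc")}

if __name__ == "__main__":
    added, removed = drift(safeboot_entries(SAMPLE), BASELINE)
    print("not in baseline:", added)
    print("missing from baseline:", removed)
```

`reg export` writes UTF-16 files, so read a real export with `encoding="utf-16"` before passing the text in, and build the baseline from a known-good image of the same Windows build.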


This article is owned by TechTimes

Written by: Griffin Davis

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.