0 기록(들)
We found results matching "0" in 0 ms
  • Antivirus vendors push fixes for EFS ransomware attack method

    시간: Jan. 23, 2020

    Researchers have discovered how an EFS attack triggered by ransomware makes systems based on signature-based antivirus solutions vulnerable.


    Amit Klein, vice president of security research at Safebreach Labs, announced an investigation into how ransomware can exploit the Windows encryption file system, a type of malware that encrypts systems and should be detected.


    A laboratory investigation conducted by EFS, developed by Microsoft as an NTFS alternative to fully encrypt the BitLocker disk to encrypt individual files or directories, found that important antivirus solutions may not protect the system.


    In a blog post, Safebreach Labs said that after trying three key anti-ransomware solutions offered by cybersecurity providers, all three attacks could not be blocked.


    The security solutions tested were ESET Internet Security 12.1.34.0, Kaspersky Anti Ransomware 4.0.0.861 and Microsoft Windows 10 Controlled Folder Access on Windows 10 64 bit version 1809 using a Windows 10 virtual machine loaded with a variety of different contents and types of files.


    Safebreach Labs tested whether EFS could be exploited by creating its own ransomware variant, which uses tactics such as generating keys and certificates. To start the attack chain, the ransomware created both and added the certificate to the personal certificate store, with the new key assigned as the current EFS key and requested the deletion of files or folders.


    If possible, the malware removes the loose parts of the hard drive and then encrypts the data in the key file with a public key connected to the ransomware. At this point, it is also possible to send stolen information to an attacker's command and control center.


    According to the researchers, EFS-based ransomware encryption activities take place in the kernel and, as the NTFS driver is involved, they can also go unnoticed for file system filtering drivers. No human interaction or administrative rights are required.


    However, the lock icons appear when the files are encrypted, which can give victims an indication that everything is wrong, and when the Data Recovery Agent is activated, recovery can be "trivial," the equipment.


    Safebreach Labs developed a proof of concept code and provided it to 17 cybersecurity providers. As a result, the team discovered that more products were affected than expected.


    One possible solution is for administrators to modify registry keys to disable EFS and use Group Policy in company settings. However, if EFS is used actively and legally, disabling the configuration may affect the required file protection.


닫기bzfuture에 오신 것을 환영합니다. 로그인하세요.

아직 가입하지 않으셨나요?   지금 가입하세요

타사 계정으로 로그인:

  • google
  • Twitch
  • Youtube

닫기bzfuture에 오신 것을 환영합니다. 가입하세요.

  • 이메일 주소 *(Used To Receive Key)

    유효한 이메일을 입력하세요.

  • 비밀번호*

    6~16자의 문자, 숫자, 특수 문자.

  • 비밀번호 확인*

  • 이름* *

  • 읽고 동의했습니다. 
    bzfuture의 할인 혜택, 이벤트 및 뉴스레터를 구독하세요.

이미 bzfuture 계정이 있으신가요?   지금 로그인하세요

타사 계정으로 로그인

  • google
  • Twitch
  • Youtube

닫기

프롬프트:

increase-the_programe_has_been_successfully

닫기

프롬프트:

increase-the_programe_has_been_successfully

닫기

프롬프트:

시스템이 부하상태입니다. 잠시만 기다려주세요

닫기등록 성공

닫기보안인증

You have an unextracted key !
장바구니에 새 항목이 추가되었습니다.