This dangerous ransomware changes your Windows passwords, then encrypts your PC

The ransomware takes advantage of the limited system environment of Safe Mode, in which the usual system protections are not running, to carry out its activities.

By: HT TECH
| Updated on: Aug 21 2022, 16:15 IST
The infamous REvil ransomware has adapted yet again, this time changing your Windows passwords before encrypting your PC.

Ransomware affects everyone, from the average computer user to schools and from hospitals to massive corporations, leaving a trail of destruction in its wake. While most forms of ransomware simply encrypt the files on your computer and demand payment in exchange for the key, there are variations like the REvil ransomware that have adapted to change your Windows 10 login passwords.

The group behind the infamous REvil ransomware, also known as Sodinokibi (operating as a Ransomware as a Service) has previously “adapted” the malware and used it to threaten victims into accepting ransom demands by claiming they had “footage” of the person watching pornographic material. They were also the team who allegedly compromised a computer manufacturer's systems.


According to a new report by TechRadar, the group has recently adapted the malware yet again, this time changing the Windows 10 login password so that the device can reboot into Safe Mode and log back in without the user's involvement. Once a device is in Safe Mode, only core Windows system services are allowed to run, so that a user can verify and troubleshoot the system. This is the point at which the ransomware takes advantage of the stripped-down environment to carry out its activities.

Because the computer's regular security mechanisms are not running in Safe Mode, the ransomware can operate uninhibited, and the volume-mirroring and data-protection methods the user relies on would also be inactive, according to the report. This essentially means that REvil can run unfettered and encrypt the system before it is rebooted into normal mode again.


The report says that the reworked version of the ransomware also automates the reboot itself: it changes the user's password to “DTrump4ever” and then configures the computer to log in automatically with those new credentials. This removes the need to wait for the user to reboot into Safe Mode, and all but guarantees that a PC can be compromised this way.
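The two changes described above (a forced password reset plus an automatic logon into Safe Mode) leave artifacts an administrator can look for. The following PowerShell script is an added example, not REvil's code and not from the TechRadar report; it assumes, since the article does not spell out the mechanism, that the automatic logon is the standard Winlogon AutoAdminLogon setting and that the forced Safe Mode boot is the BCD `safeboot` option. It reports those indicators together with recent password resets from the Security log, and can optionally undo the first two. Run it from an elevated PowerShell session.

```powershell
# Added example (not REvil's code and not from the article): a read-only hunt
# for the Safe Mode / automatic-logon setup described above, plus optional cleanup.
# Assumptions the article does not spell out: the automatic logon is the standard
# Winlogon AutoAdminLogon mechanism and the forced Safe Mode boot is the BCD
# 'safeboot' element. Requires an elevated session (bcdedit and the Security log).

function Find-SafeModeAutologon {
    [CmdletBinding()]
    param(
        # Remove the findings instead of only reporting them.
        [switch]$Remediate
    )

    $findings    = @()
    $winlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

    # 1. Automatic logon: AutoAdminLogon=1 together with a stored DefaultPassword.
    #    A kiosk may legitimately set this; on an ordinary workstation it is suspicious.
    $winlogon = Get-ItemProperty -Path $winlogonKey -ErrorAction SilentlyContinue
    if ($winlogon -and "$($winlogon.AutoAdminLogon)" -eq '1') {
        $findings += [pscustomobject]@{
            Check  = 'Winlogon AutoAdminLogon'
            Detail = "enabled for '$($winlogon.DefaultUserName)', DefaultPassword stored: $([bool]$winlogon.DefaultPassword)"
        }
        if ($Remediate) {
            Set-ItemProperty -Path $winlogonKey -Name AutoAdminLogon -Value '0'
            Remove-ItemProperty -Path $winlogonKey -Name DefaultPassword -ErrorAction SilentlyContinue
        }
    }

    # 2. Boot configuration: a 'safeboot' element on the current OS entry makes the
    #    next reboot land in Safe Mode (Minimal or Network). Descriptive text in the
    #    bcdedit output may be localized; only the element name is matched here.
    $bcd      = & bcdedit.exe /enum '{current}' 2>$null
    $safeboot = @($bcd | Where-Object { $_ -match '^\s*safeboot\s+\S+' })
    if ($safeboot.Count -gt 0) {
        $findings += [pscustomobject]@{ Check = 'BCD safeboot'; Detail = $safeboot[0].Trim() }
        if ($Remediate) {
            & bcdedit.exe /deletevalue '{current}' safeboot | Out-Null
        }
    }

    # 3. Recent password resets (Security event 4724, "An attempt was made to reset
    #    an account's password"). Only logged when account-management auditing is on;
    #    a reset performed by a non-admin process shortly before a reboot is the
    #    tell-tale for this technique.
    $filter = @{ LogName = 'Security'; Id = 4724; StartTime = (Get-Date).AddHours(-24) }
    $resets = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
    foreach ($e in $resets) {
        $findings += [pscustomobject]@{
            Check  = 'Password reset (4724)'
            Detail = "$($e.TimeCreated): " + ($e.Message -split "`r?`n")[0]
        }
    }

    return $findings
}

# Usage: report first; run with -Remediate only after the findings have been reviewed.
Find-SafeModeAutologon | Format-Table -AutoSize
# Find-SafeModeAutologon -Remediate
```

The remediation only clears the logon and boot settings; the reset password itself still has to be changed back through normal account management, and the machine should be treated as compromised regardless, since the encryption payload may already be staged.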


First Published Date: 08 Apr, 23:24 IST