REvil Again Breas Safe Mode with Auto-Login Features

The REvil Ransomware has received an update where there are added new features which enables the operators to automate file encryption in Safe Mode after changing the password of the windows. This feature is an addition to the Safe Mode encryption program added last month.

What has happened?

In late March, the security came across a new sample of REvil. This sample contained refined safe mode encryption which were red flagged earlier since it had manual login capabilities.

  • In the new variant, the ransomware changes the password of the user to DTrump4ever 
  • Though it cannot be confirmed whether if the same password is used currently by the ransomware, it has been observed that same password was being used for at least two of the samples that were uploaded to VirusTotal. 
  • Additionally, it can reboot the system into safe mode which enables the operator to make such changes that would not have been possible in normal running mode.

REvil has been very active in the recent times and have been targeting many well-known organizations in the world.

REvil is getting stronger with time and other ransomware gangs are being encouraged by the activities of the REvil and they are trying to follow the footsteps set up by them. Security Experts have been emphasizing on the importance of cyber security and encourages everyone to be aware of the type of attacks that one may face while accessing the digital media.

Leave a Reply