Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Kasseika Ransomware Evades Antivirus

January 24, 2024
Reading Time: 3 mins read
in Alerts

Kasseika ransomware has adopted sophisticated tactics to evade antivirus software during its attacks. Utilizing Bring Your Own Vulnerable Driver (BYOVD) techniques, the ransomware exploits the Martini driver, specifically Martini.sys/viragt64.sys, part of TG Soft’s VirtIT Agent System, to disable antivirus products protecting the targeted system. Trend Micro, the cybersecurity firm that identified Kasseika in December 2023, highlights its attack chains and source code similarities with BlackMatter, suggesting a potential connection. Kasseika’s attack chain involves phishing emails, Martini driver vulnerabilities, and BYOVD attacks to gain access, terminate antivirus processes, and encrypt files using ChaCha20 and RSA encryption algorithms.

The Kasseika ransomware operation initiates attacks through phishing emails targeting employees of the intended organization, aiming to steal account credentials for initial network access. Operators then employ the Windows PsExec tool to execute malicious .bat files on infected systems, utilizing lateral movement. A crucial step involves checking for the presence of the ‘Martini.exe’ process, terminating it to avoid interference, and downloading the ‘Martini.sys’ driver. Kasseika relies on BYOVD attacks to exploit flaws in the loaded driver, granting privileges to terminate specific processes, including antivirus products and security tools. The ransomware ultimately encrypts files, appends a pseudo-random string to filenames, demands a ransom in Bitcoin, and provides a decrypter upon payment proof.

Victims of Kasseika are given a 72-hour window to deposit 50 Bitcoins (approximately $2,000,000), with an additional $500,000 added for each 24-hour delay in resolution. A private Telegram group is used for communication, and victims must post a screenshot of payment proof to receive a decrypter. The ransomware also alters the computer’s wallpaper and drops a ransom note in every encrypted directory. Trend Micro emphasizes the importance of understanding Kasseika’s tactics, as it showcases the evolving and sophisticated strategies employed by ransomware operators to bypass security measures. The cybersecurity firm has published indicators of compromise (IoCs) related to the Kasseika threat for identification and mitigation.

 

Reference:
  • Kasseika Ransomware Deploys BYOVD Attacks, Abuses PsExec and Exploits Martini Driver 
Tags: AntivirusBYOVDCyber AlertCyber Alerts 2024Cyber RiskCyber threatJanuary 2024Kasseika RansomwareMartini driverVulnerabilities
ADVERTISEMENT

Related Posts

BadIIS Malware Spreads Via SEO Poisoning

Hackers Target AWS and Steal Credentials

September 24, 2025
BadIIS Malware Spreads Via SEO Poisoning

SonicWall SMA100 Update Removes Rootkit

September 24, 2025
BadIIS Malware Spreads Via SEO Poisoning

BadIIS Malware Spreads Via SEO Poisoning

September 24, 2025
FBI Issues Warning on Spoofed IC3 Website

FBI Issues Warning on Spoofed IC3 Website

September 22, 2025
FBI Issues Warning on Spoofed IC3 Website

Infostealer Hits macOS Users Widely

September 22, 2025
FBI Issues Warning on Spoofed IC3 Website

SonicWall Warns Reset After Exposure

September 22, 2025

Latest Alerts

Hackers Target AWS and Steal Credentials

SonicWall SMA100 Update Removes Rootkit

BadIIS Malware Spreads Via SEO Poisoning

SonicWall Warns Reset After Exposure

Infostealer Hits macOS Users Widely

FBI Issues Warning on Spoofed IC3 Website

Subscribe to our newsletter

    Latest Incidents

    Boyd Gaming Reports Data Breach After Attack

    Morrisroe UK Company Hit By Cyber Attack

    GeoServer Flaw Breaches US Agency Network

    Steam Game Steals Streamer Donations

    Ransomware Gang Hacks Spartanburg County

    Cyberattack Hits Europe Airport Systems

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial