Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Kasseika Ransomware Evades Antivirus

January 24, 2024
Reading Time: 3 mins read
in Alerts

Kasseika ransomware has adopted sophisticated tactics to evade antivirus software during its attacks. Utilizing Bring Your Own Vulnerable Driver (BYOVD) techniques, the ransomware exploits the Martini driver, specifically Martini.sys/viragt64.sys, part of TG Soft’s VirtIT Agent System, to disable antivirus products protecting the targeted system. Trend Micro, the cybersecurity firm that identified Kasseika in December 2023, highlights its attack chains and source code similarities with BlackMatter, suggesting a potential connection. Kasseika’s attack chain involves phishing emails, Martini driver vulnerabilities, and BYOVD attacks to gain access, terminate antivirus processes, and encrypt files using ChaCha20 and RSA encryption algorithms.

The Kasseika ransomware operation initiates attacks through phishing emails targeting employees of the intended organization, aiming to steal account credentials for initial network access. Operators then employ the Windows PsExec tool to execute malicious .bat files on infected systems, utilizing lateral movement. A crucial step involves checking for the presence of the ‘Martini.exe’ process, terminating it to avoid interference, and downloading the ‘Martini.sys’ driver. Kasseika relies on BYOVD attacks to exploit flaws in the loaded driver, granting privileges to terminate specific processes, including antivirus products and security tools. The ransomware ultimately encrypts files, appends a pseudo-random string to filenames, demands a ransom in Bitcoin, and provides a decrypter upon payment proof.

Victims of Kasseika are given a 72-hour window to deposit 50 Bitcoins (approximately $2,000,000), with an additional $500,000 added for each 24-hour delay in resolution. A private Telegram group is used for communication, and victims must post a screenshot of payment proof to receive a decrypter. The ransomware also alters the computer’s wallpaper and drops a ransom note in every encrypted directory. Trend Micro emphasizes the importance of understanding Kasseika’s tactics, as it showcases the evolving and sophisticated strategies employed by ransomware operators to bypass security measures. The cybersecurity firm has published indicators of compromise (IoCs) related to the Kasseika threat for identification and mitigation.

 

Reference:
  • Kasseika Ransomware Deploys BYOVD Attacks, Abuses PsExec and Exploits Martini Driver 
Tags: AntivirusBYOVDCyber AlertCyber Alerts 2024Cyber RiskCyber threatJanuary 2024Kasseika RansomwareMartini driverVulnerabilities
ADVERTISEMENT

Related Posts

Sothebys Data Breach Exposes Customers

Microsoft Pulls 200 Suspicious Certificates

October 17, 2025
Sothebys Data Breach Exposes Customers

NK Hackers Hide Malware In Blockchain

October 17, 2025
Sothebys Data Breach Exposes Customers

Hackers Spread Malware With Blockchain

October 17, 2025

Fortinet And Ivanti Patch Severe Flaws

October 16, 2025

Malicious VSCode Extensions Steal Crypto

October 16, 2025

Fake Password Manager Hijack PCs

October 16, 2025

Latest Alerts

Microsoft Pulls 200 Suspicious Certificates

NK Hackers Hide Malware In Blockchain

Hackers Spread Malware With Blockchain

Fortinet And Ivanti Patch Severe Flaws

Malicious VSCode Extensions Steal Crypto

Fake Password Manager Hijack PCs

Subscribe to our newsletter

    Latest Incidents

    Pro Hamas Hackers Target Airport Speakers

    Prosper Breach Hits 17 Million Accounts

    Sothebys Data Breach Exposes Customers

    F5 Reports Hackers Stole Source Code

    YouTube Down Globally With Playback Errors

    Spanish Retailer Mango Discloses Breach

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial