
The second step is to download the vulnerable driver called Martini.sys.

BlackMatter lives?


If the download is successful, Martini.sys is used to disable installed antivirus products.

The ransomware comes with a hardcoded list of 991 processes that need to be terminated.

After killing the security programs, Kasseika will initiate the encryptor.

The last step is running a clear.bat script, removing all traces of the attack.
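The chain described above (driver load, mass process termination, then clear.bat) can be correlated per host in endpoint telemetry. The following Python is an added example, not code from the article or from Trend Micro; the normalized event shape, sample events, time window and burst threshold are assumptions, and the event IDs are Sysmon's.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # assumed correlation window
KILL_BURST = 5                  # assumed threshold; tune per environment

def ev(ts, host, eid, detail):
    """Build one normalized event; detail is the image path or command line."""
    return {"ts": datetime.fromisoformat(ts), "host": host, "id": eid,
            "detail": detail.lower()}

# Constructed sample events (hosts, paths and times are made up, not real telemetry).
# Sysmon event IDs: 1 = process create, 5 = process terminated, 6 = driver loaded.
SAMPLE = [
    ev("2024-01-01T10:00:00", "ws01", 6, r"C:\Users\Public\Martini.sys"),
    *[ev(f"2024-01-01T10:00:{10 + i:02d}", "ws01", 5, rf"C:\AV\svc{i}.exe")
      for i in range(6)],
    ev("2024-01-01T10:03:00", "ws01", 1, r"cmd.exe /c clear.bat"),
    ev("2024-01-01T10:00:00", "ws02", 5, r"C:\Windows\notepad.exe"),
    ev("2024-01-01T11:00:00", "ws03", 6, r"C:\Temp\Martini.sys"),
]

def chain_stage(events):
    """Map host -> furthest stage seen: 1 driver load, 2 kill burst, 3 clear.bat."""
    by_host = {}
    for e in sorted(events, key=lambda e: e["ts"]):
        by_host.setdefault(e["host"], []).append(e)
    stages = {}
    for host, evs in by_host.items():
        for d in evs:
            # Stage 1: the driver named in the article is loaded (name match only).
            if d["id"] != 6 or d["detail"].rsplit("\\", 1)[-1] != "martini.sys":
                continue
            later = [e for e in evs if d["ts"] <= e["ts"] <= d["ts"] + WINDOW]
            kills = [e for e in later if e["id"] == 5]
            stage = 1
            if len(kills) >= KILL_BURST:  # Stage 2: burst of terminations
                stage = 2
                # Stage 3: clear.bat launched after the terminations
                if any(e["id"] == 1 and "clear.bat" in e["detail"]
                       and e["ts"] >= kills[-1]["ts"] for e in later):
                    stage = 3
            stages[host] = max(stage, stages.get(host, 0))
    return stages

if __name__ == "__main__":
    for host, stage in sorted(chain_stage(SAMPLE).items()):
        print(host, "reached stage", stage)
```

A file name is a weak indicator because a driver can be renamed; match on the driver's hash or signer where your telemetry provides it.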

Victims of the ransomware will see a new desktop wallpaper image, notifying them of the attack.

Every additional day (up to five days, maximum) will cost $500,000 more.

Trend Micro believes Kasseika is similar to BlackMatter, a ransomware variant that died in 2021.

Via BleepingComputer
