Rewterz Informative Update – Malware Can Use This Trick to Bypass Ransomware Defense in Antivirus Solutions

Severity

High

Analysis Summary

Researchers have disclosed significant security weaknesses in popular antivirus software applications that could be abused to deactivate their protections and take control of allow-listed applications to perform nefarious operations on behalf of the malware to defeat anti-ransomware defenses. The twin attacks, detailed by academics from the University of Luxembourg and the University of London, are aimed at circumventing the protected folder feature offered by antivirus programs to encrypt files (aka “Cut-and-Mouse”) and disabling their real-time protection by simulating mouse “click” events (aka “Ghost Control”). Antivirus software providers always offer high levels of security, and they are an essential element in the everyday struggle against criminals,” said Prof. Gabriele Lenzini, chief scientist at the Interdisciplinary Center for Security, Reliability, and Trust at the University of Luxembourg. “But they are competing with criminals which now have more and more resources, power, and dedication.”

Impact

• File encryption
• Loss of critical data
• Financial loss

Remediation

• Security training for employees on valuable assets and cybersecurity vigilance.
• Maintain internet hygiene by updating your anti-virus software and downloading the latest patches.