Kasseika Ransomware Uses BYOVD Technique, Shutting Down Antiviruses By Abusing Martini Driver
A recently revealed ransomware operation called 'Kasseika' has adopted Bring Your Own Vulnerable Driver (BYOVD) tactics to bypass antivirus software before encrypting files. Kasseika exploits the Martini driver (Martini.sys/viragt64.sys) from TG Soft's VirIT Agent System to disable antivirus protection on the targeted system. Trend Micro discovered Kasseika in December 2023, noting that its attack chains and source code resemble BlackMatter's. Given that BlackMatter's source code has never been publicly leaked since its shutdown in late 2021, it is likely that Kasseika was developed by former members of that threat group or by experienced ransomware actors who acquired its code.
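As an added detection sketch (not code from the original report or from Trend Micro), the Python below flags loads of the two Martini driver file names mentioned above in a constructed, simplified driver-load log; the log line format, host names and paths are assumptions made for the example. It deliberately does not treat a valid signature as a reason to ignore the load, since BYOVD relies on the driver being legitimately signed.

```python
import re

# Driver file names the page identifies as the Martini driver abused by Kasseika.
# Matched on basename, case-insensitively, since the load path is attacker-chosen.
SUSPECT_DRIVERS = {"martini.sys", "viragt64.sys"}
TRUSTED_DRIVER_DIR = "c:\\windows\\system32\\drivers\\"

# Assumed simplified driver-load log line (Sysmon Event ID 6 style), one per line.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) EventID=6 ImageLoaded=(?P<image>\S+) Signed=(?P<signed>\S+)$"
)

# Constructed sample telemetry: a benign system driver, two Martini loads from
# user-writable paths, and an unrelated process-creation event to be ignored.
SAMPLE_EVENTS = """\
2024-01-10T08:01:12Z host=WS-01 EventID=6 ImageLoaded=C:\\Windows\\System32\\drivers\\tcpip.sys Signed=true
2024-01-10T08:02:45Z host=WS-01 EventID=6 ImageLoaded=C:\\Users\\Public\\viragt64.sys Signed=true
2024-01-10T08:02:50Z host=WS-07 EventID=6 ImageLoaded=C:\\Temp\\Martini.sys Signed=true
2024-01-10T08:03:01Z host=WS-07 EventID=1 Image=C:\\Windows\\System32\\cmd.exe
"""

def parse_driver_loads(text: str) -> list[dict]:
    """Return the EventID=6 lines as dicts; other event types are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append({**m.groupdict(), "signed": m["signed"].lower() == "true"})
    return events

def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def find_byovd_candidates(text: str) -> list[tuple[str, str, str]]:
    """Return (host, driver name, reason) for every load of the Martini driver.
    A valid signature is deliberately not treated as exculpatory: BYOVD works
    because the driver is legitimately signed, so name and load path carry
    the signal, not the signing state."""
    hits = []
    for ev in parse_driver_loads(text):
        name = basename(ev["image"])
        if name not in SUSPECT_DRIVERS:
            continue
        reason = "known abusable driver loaded"
        if not ev["image"].lower().startswith(TRUSTED_DRIVER_DIR):
            reason += " from non-standard path"
        if ev["signed"]:
            reason += " (signed, but signature does not clear it)"
        hits.append((ev["host"], name, reason))
    return hits
```

Running `find_byovd_candidates(SAMPLE_EVENTS)` returns two hits, one per workstation, while the benign tcpip.sys load and the non-driver event are ignored.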