REvil Now Can Encrypt Files In Safe Mode

REvil ransomware now has a 'Windows Safe Mode' encryption mode: it can encrypt files while Windows is running in Safe Mode, which lets it evade detection by security software.

The new REvil sample contains a new -smode command-line argument that forces the computer to reboot into Safe Mode before encrypting a device.

After the reboot, the device starts in Safe Mode With Networking and the victim is asked to log into Windows. Logging in causes the REvil ransomware to be executed without the -smode argument, and it begins to encrypt files on the device.
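
A defender-side check for the behaviour described above, as an added example that is not from the original article: it scans process-creation events for the -smode argument and, as an assumption the article does not state, for the standard Windows `bcdedit /set ... safeboot` command that configures a Safe Mode boot. The hosts, paths, timestamps and events are constructed.

```python
from datetime import datetime, timedelta

# Constructed process-creation events (host, time, image, command line); not real telemetry.
SAMPLE_EVENTS = [
    ("WS-014", "2024-01-01T10:02:11", r"C:\Windows\System32\svchost.exe", "svchost.exe -k netsvcs"),
    ("WS-014", "2024-01-01T10:05:40", r"C:\Users\Public\sample.exe", "sample.exe -smode"),
    ("WS-014", "2024-01-01T10:05:42", r"C:\Windows\System32\bcdedit.exe",
     "bcdedit /set {current} safeboot network"),
    ("WS-022", "2024-01-01T11:30:00", r"C:\Windows\System32\bcdedit.exe", "bcdedit /enum"),
    ("WS-031", "2024-01-01T12:00:00", r"C:\Tools\scan.exe", "scan.exe -smodel fast"),
]

def classify(image, cmdline):
    """Return an indicator name for one process-creation event, or None."""
    tokens = cmdline.lower().split()
    name = image.lower().rsplit("\\", 1)[-1]
    # Exact token match, so an unrelated flag such as "-smodel" is not flagged.
    if "-smode" in tokens:
        return "smode_argument"
    # Assumption: Safe Mode boot is configured through bcdedit's safeboot value.
    # "/deletevalue ... safeboot" clears the setting and is deliberately ignored.
    if name == "bcdedit.exe" and "/set" in tokens and "safeboot" in tokens:
        return "safeboot_set"
    return None

def detect(events, window=timedelta(minutes=5)):
    """Group indicators per host; both indicators inside the window is high severity."""
    hits = {}
    for host, ts, image, cmdline in events:
        kind = classify(image, cmdline)
        if kind:
            hits.setdefault(host, []).append((datetime.fromisoformat(ts), kind))
    alerts = []
    for host, found in sorted(hits.items()):
        kinds = {kind for _, kind in found}
        times = [t for t, _ in found]
        correlated = len(kinds) == 2 and max(times) - min(times) <= window
        alerts.append({"host": host,
                       "severity": "high" if correlated else "medium",
                       "indicators": sorted(kinds)})
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

A Safe Mode boot setting changed by anything other than an administrator's deliberate troubleshooting is worth investigating on its own, which is why a single indicator still raises a medium alert.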

