Nasty Windows 10 ransomware is capable of changing YOUR login password


Windows 10 users are being warned about a nasty piece of ransomware known as REvil. The malicious code has a scary-sounding name, which is fitting given the havoc it can cause on a Windows 10 machine. The notorious ransomware was first discovered back in 2019, with hacking gangs going on to use it to try to extract millions from victims.

And the infamous bit of malware has once again tweaked its attack vector to make it even more dangerous.

The malware is now capable of changing a Windows 10 user’s login password in order to launch an attack.

A victim’s Windows 10 login is changed to the password ‘DTrump4ever’ to start with.

The REvil malware is then capable of automatically encrypting files on a targeted machine once it loads up in Safe Mode.


It is believed this crucial change to the Windows 10 ransomware helps the malicious software better evade security software.

It also means the ransomware wouldn’t be interrupted by processes which can impact encryption, such as backup software.

The threat was highlighted in a post by Bleeping Computer, which said a previous version of REvil required a victim to manually reboot their PC in Safe Mode for the attack to be successful.

However, the latest revision of the malware gets round this by changing a user’s password to automate the entire process.

The latest REvil ransomware news comes after electronics giant Acer was reportedly hit by a REvil attack last month.

Attackers allegedly managed to get hold of financial information, for which they were demanding a multi-million-pound ransom.

It was reported that REvil attackers were asking for almost £36 million for the sensitive information to be returned to Acer.

And if the Taiwanese tech giant didn’t provide this sum by a set date towards the end of March, the ransom would be doubled.

Responding to the reports, Acer issued a statement which said: “Acer routinely monitors its IT systems, and most cyberattacks are well defensed. Companies like us are constantly under attack, and we have reported recent abnormal situations observed to the relevant law enforcement and data protection authorities in multiple countries.

“Acer discovered abnormalities from March and immediately initiated security and precautionary measures. Acer’s internal security mechanisms proactively detected the abnormality, and immediately initiated security and precautionary measures.”
