Ransomware attackers increasingly exploit legitimate IT tools, bypassing antivirus

Coverage from HackRead indicates that ransomware attackers are increasingly repurposing legitimate IT tools, a phenomenon dubbed the “dual-use dilemma” by Seqrite researchers. These trusted utilities, originally designed for system maintenance and troubleshooting, are now being weaponized to bypass antivirus defenses and gain elevated system control.

Attackers are leveraging tools like Process Hacker and IOBit Unlocker, which possess deep operating system access. These digitally signed utilities are used to silently disable antivirus software, allowing ransomware to operate undetected. This tactic was observed in campaigns involving LockBit Black 3.0 and Dharma ransomware.

The attack chain often begins with phishing emails or compromised credentials, followed by the use of tools like PowerRun or YDArk to achieve SYSTEM or kernel-level control. Attackers first deploy “process killers” to disable security monitoring, then use tools such as Mimikatz to steal credentials and Unlock_IT to erase logs, hindering forensic investigations. Researchers anticipate a future where AI-assisted methods will further automate the process of disabling security measures.

Source: HackRead
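The chain described above (dual-use tool launched, then security monitoring stopped or logs erased) is easier to catch as a sequence than as isolated events. The following detection logic is an added example, not code from HackRead or Seqrite; the executable-name fragments, the pipe-delimited telemetry format and the sample events are all constructed assumptions to be adapted to whatever your EDR or SIEM actually emits.

```python
from datetime import datetime, timedelta

# Dual-use utilities named in the Seqrite findings. The executable-name
# fragments below are assumptions used for matching, not confirmed file names.
DUAL_USE_TOOLS = ("processhacker", "iobitunlocker", "powerrun", "ydark", "unlock_it")

# Follow-on behaviours the article describes: monitoring disabled, logs erased.
EVASION_EVENTS = {"av_service_stopped", "security_log_cleared"}

def parse_event(line):
    """Parse one constructed pipe-delimited telemetry line: ts|host|kind|detail."""
    ts, host, kind, detail = line.split("|", 3)
    return {"ts": datetime.fromisoformat(ts), "host": host,
            "kind": kind, "detail": detail.lower()}

def is_dual_use_tool(event):
    """True when a process-start event names one of the dual-use tools."""
    return event["kind"] == "process_start" and any(
        t in event["detail"] for t in DUAL_USE_TOOLS)

def find_evasion_chains(lines, window_minutes=10):
    """Return (host, tool, follow-on kind) for every dual-use tool launch that is
    followed on the same host, within the window, by an evasion event."""
    events = sorted((parse_event(l) for l in lines if l.strip()), key=lambda e: e["ts"])
    window = timedelta(minutes=window_minutes)
    alerts = []
    for i, start in enumerate(events):
        if not is_dual_use_tool(start):
            continue
        for later in events[i + 1:]:
            if later["ts"] - start["ts"] > window:
                break  # events are time-sorted, so nothing further can match
            if later["host"] == start["host"] and later["kind"] in EVASION_EVENTS:
                alerts.append((start["host"], start["detail"], later["kind"]))
    return alerts

# Constructed sample telemetry (not real logs). ws-22 shows a benign admin use:
# the tool runs, but nothing defensive is disabled inside the window.
SAMPLE_LOG = """\
2024-05-01T09:00:00|ws-17|process_start|C:\\Tools\\ProcessHacker.exe
2024-05-01T09:02:30|ws-17|av_service_stopped|WinDefend
2024-05-01T09:05:10|ws-17|process_start|C:\\Temp\\Unlock_IT.exe
2024-05-01T09:06:00|ws-17|security_log_cleared|Security
2024-05-01T10:00:00|ws-22|process_start|C:\\Tools\\ProcessHacker.exe
2024-05-01T11:30:00|ws-22|av_service_stopped|WinDefend
""".splitlines()

if __name__ == "__main__":
    for host, tool, follow in find_evasion_chains(SAMPLE_LOG):
        print(f"ALERT {host}: {tool} followed by {follow}")
```

Tuning the window trades false positives from legitimate administrative use against missed slow-moving intrusions; the sorted sweep keeps the check cheap enough to run over a day of process-creation telemetry.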
