DLL Side-Loading Technique Used In The Recent Kaseya Ransomware Attack
Fortinet News, July 13th, 2021
July 13, 2021, Volume 280, Issue 2

In this article we examine the ransomware used in the recent Kaseya attack.

"We will see what happens when a machine is infected by this ransomware by looking at some of the visible Indicators of Compromise, such as a modified wallpaper, several '<random string>-readme.txt' files in different folders, and changes in the filenames with <random string> extensions. We will also discuss in more detail how DLL side-loading was implemented, along with other malware tricks that the ransomware used.

Fortunately, FortiEDR detects and blocks the DLL side-loading event when the ransomware executes the valid application, such as MsMpEng.exe, while it loads the malicious payload, mpsvc.dll. As a result, customers will not be able to see all of the related IOCs because the malware is prevented from running..."
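The excerpt names the side-loading pair (the signed Windows Defender engine MsMpEng.exe loading a malicious mpsvc.dll placed next to it) but not how a defender would spot it. The following is an added example, not code from the Fortinet article or from FortiEDR: a small heuristic run over constructed module-load records. It flags a known-trusted image that loads one of its companion DLLs from its own directory when that directory is not one of the vendor's normal install locations. The record format, the list of expected install roots, and the alert shape are assumptions made for this example.

```python
"""Heuristic detector for DLL side-loading of the MsMpEng.exe / mpsvc.dll kind.

Added example: not from the Fortinet article. Input records are constructed
module-load events of the form
    image=<path to process executable> module=<path to loaded DLL>
"""
import re
from pathlib import PureWindowsPath

# Assumption for this example: where Windows Defender's platform binaries
# normally live. A legitimate MsMpEng.exe loads mpsvc.dll from under one of
# these roots; a copy in a user-writable folder doing the same is suspicious.
EXPECTED_ROOTS = (
    r"C:\Program Files\Windows Defender",
    r"C:\ProgramData\Microsoft\Windows Defender\Platform",
)

# Trusted image name -> companion DLL names it resolves from its own folder.
SIDELOAD_PAIRS = {
    "msmpeng.exe": {"mpsvc.dll"},
}

RECORD_RE = re.compile(r"image=(?P<image>.+?)\s+module=(?P<module>.+)$")


def _norm(path):
    """Lower-cased, backslash-normalised Windows path string."""
    return str(PureWindowsPath(path)).lower()


def _under_expected_root(path):
    p = _norm(path)
    return any(p.startswith(_norm(root) + "\\") for root in EXPECTED_ROOTS)


def parse_record(line):
    m = RECORD_RE.match(line.strip())
    if not m:
        return None
    return {"image": m.group("image").strip(), "module": m.group("module").strip()}


def is_sideload(image, module):
    """True when a trusted image loads a companion DLL from its own directory
    and that directory is outside the expected vendor install locations."""
    img, mod = PureWindowsPath(image), PureWindowsPath(module)
    companions = SIDELOAD_PAIRS.get(img.name.lower())
    if not companions or mod.name.lower() not in companions:
        return False
    same_dir = _norm(str(img.parent)) == _norm(str(mod.parent))
    return same_dir and not _under_expected_root(image)


def detect(lines):
    """Return one alert dict per record that matches the side-loading rule."""
    alerts = []
    for line in lines:
        rec = parse_record(line)
        if rec and is_sideload(rec["image"], rec["module"]):
            alerts.append({"rule": "dll-sideload", **rec})
    return alerts


# Constructed sample events (not real telemetry). Only the second record
# should fire: the engine binary and its companion DLL sit in a user folder.
SAMPLE_EVENTS = [
    r"image=C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.5-0\MsMpEng.exe "
    r"module=C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.5-0\mpsvc.dll",
    r"image=C:\Users\Public\MsMpEng.exe module=C:\Users\Public\mpsvc.dll",
    r"image=C:\Windows\System32\svchost.exe module=C:\Windows\System32\ntdll.dll",
    r"image=C:\Users\Public\MsMpEng.exe module=C:\Windows\System32\kernel32.dll",
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

The rule deliberately keys on the pairing (trusted image, companion DLL, same directory, unexpected location) rather than on the DLL name alone, so a legitimate Defender update that ships a new mpsvc.dll under the platform directory does not fire, while the same two files dropped into a user-writable folder do. A system DLL loaded from System32 by the relocated engine is also left alone, since it is not the side-loaded payload.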
