DLL Side-Loading Technique Used In The Recent Kaseya Ransomware Attack
Fortinet News, July 13th, 2021
Volume 280, Issue 2

In this article, we examine the ransomware used in the recent Kaseya attack.

"We will see what happens when a machine is infected by this ransomware by looking at some of the visible Indicators of Compromise, such as a modified wallpaper, several '<random string>-readme.txt' files in different folders, and changes in the filenames with <random string> extensions. We will also discuss in more detail how DLL side-loading was implemented, along with other malware tricks that the ransomware used.

Fortunately, FortiEDR detects and blocks the DLL side-loading event when the ransomware executes the valid application, such as MsMpEng.exe, while it loads the malicious payload, mpsvc.dll. As a result, customers will not be able to see all of the related IOCs because the malware is prevented from running..."
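The excerpt names three host-visible indicators: ransom notes of the form '<random string>-readme.txt' spread across folders, user files renamed with a random-string extension, and the signed Defender engine MsMpEng.exe executing beside a malicious mpsvc.dll. The triage script below is an added example written for this digest; it is not code from the Fortinet article or from FortiEDR. It works on a constructed list of file paths (a stand-in for a directory walk or an EDR file inventory) and assumes two things the excerpt does not state outright: that the ransom-note prefix and the appended extension share the same random string, and that the only expected home for MsMpEng.exe is the Windows Defender program directory (the `EXPECTED_MSMPENG_DIRS` set is an assumption to adjust per environment).

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Ransom-note filename pattern from the excerpt: '<random string>-readme.txt'.
# The captured group is the random string, which we reuse as the renamed-file extension.
NOTE_RE = re.compile(r"^([a-z0-9]{3,16})-readme\.txt$", re.IGNORECASE)

# Assumed (not from the article): the directory where MsMpEng.exe is expected to live.
# Lower-case, no trailing separator, to match the normalised folder keys built below.
EXPECTED_MSMPENG_DIRS = {r"c:\program files\windows defender"}

SIDELOAD_HOST = "msmpeng.exe"   # legitimate signed binary abused as the loader
SIDELOAD_DLL = "mpsvc.dll"      # name of the DLL the host binary resolves from its own folder


def _folder(p: PureWindowsPath) -> str:
    """Normalised parent-directory key for grouping."""
    return str(p.parent).lower()


def find_note_tokens(paths):
    """Map each random-string token to the folders that contain a matching ransom note."""
    folders = defaultdict(set)
    for p in map(PureWindowsPath, paths):
        m = NOTE_RE.match(p.name)
        if m:
            folders[m.group(1).lower()].add(_folder(p))
    return {token: sorted(fs) for token, fs in folders.items()}


def find_renamed_files(paths, token):
    """Files whose final extension equals the note token (assumed shared random string)."""
    token = token.lower()
    return sorted(
        str(p) for p in map(PureWindowsPath, paths)
        if p.suffix.lower().lstrip(".") == token
    )


def find_sideload_pairs(paths):
    """Folders where MsMpEng.exe sits next to mpsvc.dll outside the expected install location."""
    by_folder = defaultdict(set)
    for p in map(PureWindowsPath, paths):
        by_folder[_folder(p)].add(p.name.lower())
    return sorted(
        folder for folder, names in by_folder.items()
        if {SIDELOAD_HOST, SIDELOAD_DLL} <= names and folder not in EXPECTED_MSMPENG_DIRS
    )


def triage(paths):
    """Run all three checks and return one report dict for an analyst."""
    notes = find_note_tokens(paths)
    return {
        "note_tokens": notes,
        "renamed_files": {t: find_renamed_files(paths, t) for t in notes},
        "sideload_dirs": find_sideload_pairs(paths),
    }


# Constructed sample inventory: two user folders with notes and renamed files,
# a copy of the Defender engine dropped into %TEMP% beside mpsvc.dll, and the
# genuine Defender install directory, which must not be flagged.
SAMPLE_PATHS = [
    r"C:\Users\alice\Documents\report.docx.k7x3q",
    r"C:\Users\alice\Documents\k7x3q-readme.txt",
    r"C:\Users\alice\Pictures\holiday.jpg.k7x3q",
    r"C:\Users\alice\Pictures\k7x3q-readme.txt",
    r"C:\Users\alice\AppData\Local\Temp\MsMpEng.exe",
    r"C:\Users\alice\AppData\Local\Temp\mpsvc.dll",
    r"C:\Program Files\Windows Defender\MsMpEng.exe",
    r"C:\Program Files\Windows Defender\mpsvc.dll",
    r"C:\Windows\System32\kernel32.dll",
]

if __name__ == "__main__":
    for key, value in triage(SAMPLE_PATHS).items():
        print(key, value)
```

On the sample inventory the report ties the token `k7x3q` to two note folders and two renamed files, and flags `%TEMP%` as a side-loading location while leaving the real Defender directory alone. The side-loading check is a file-system view of the behaviour the excerpt describes; a process-level check (which DLL path the running MsMpEng.exe actually mapped) is the stronger signal and is what an EDR such as FortiEDR observes at execution time.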
