Security Articles

AvosLocker Ransomware Variant Abuses Driver File to Disable Anti-Virus, Scans for Log4shell

released on 2022-05-03 @ 04:07:22 PM
Trend Micro found samples of AvosLocker ransomware that make use of a legitimate driver file to disable anti-virus solutions and evade detection. While previous AvosLocker infections employ similar routines, this is the first sample we observed from the US with the capability to disable a defense solution using a legitimate Avast Anti-Rootkit Driver file (aswArPot.sys). In addition, the ransomware is also capable of scanning multiple endpoints for the Log4j vulnerability Log4Shell using an Nmap NSE script.