Kasseika ransomware uses antivirus driver to kill other antiviruses
2024-01-23 19:58

A recently uncovered ransomware operation named 'Kasseika' has joined the club of threat actors that employ Bring Your Own Vulnerable Driver tactics to disable antivirus software before encrypting files.

Kasseika abuses the Martini driver, part of TG Soft's VirtIT Agent System, to disable antivirus products protecting the targeted system.

According to Trend Micro, whose analysts first discovered and examined Kasseika in December 2023, the new ransomware strain shares many attack chain and source code similarities with BlackMatter.

As BlackMatter's source code has never been leaked publicly since its shutdown in late 2021, Kasseika was likely built by former members of the threat group or experienced ransomware actors who purchased its code.

The presence of that driver is crucial in the attack chain, as Kasseika will not proceed further if the 'Martini' service creation fails or if 'Martini.


News URL

https://www.bleepingcomputer.com/news/security/kasseika-ransomware-uses-antivirus-driver-to-kill-other-antiviruses/