
Ransomware disables AV using Safe Mode: Avos Locker

December 31, 2021
by The PC Security Channel

TL;DR

Ransomware is now using safe mode to bypass security mechanisms, posing a significant threat to corporations and highlighting the need for improved vendor solutions.

Transcript

Hi, this is Leo from The PC Security Channel. Now, we all know about the menace of ransomware, but you might say, hey, I've got a good endpoint security product that is going to protect me. Well, here is a ransomware that actually bypasses all of your security mechanisms by using, ironically, safe mode for Windows, and unfortunately a lot of security products...

Key Insights

  • 🦺 Ransomware is becoming increasingly sophisticated, using safe mode to bypass security products and disable endpoint protections.
  • 🥺 The encryption process of ransomware can lead to file corruption if the system is shut down during the attack.
  • 👥 Avos Locker, REvil, and Black Matter are among the ransomware groups utilizing safe mode to evade security measures.
  • 👊 Attackers can initiate an attack with a single command that reboots the system, downloading the ransomware from a remote server.
  • 🎮 Controlled folder mechanisms may also be bypassed by ransomware operating in safe mode.
  • 👊 Ransomware attacks targeting corporations highlight the need for robust security measures and vendor solutions that can operate effectively in safe mode.
  • 🦻 Intezer's analysis platform provides valuable insights into the behavior and identification of malware threats, aiding in proactive protection measures.


Questions & Answers

Q: How does ransomware bypass security mechanisms in safe mode?

Ransomware can run in safe mode because many security products do not operate in this mode, allowing the malware to execute without interference. This highlights the need for improved security solutions that can protect against threats even in safe mode.

Q: What are the potential consequences of this ransomware attack?

If victims shut down their computers during the encryption process, their files may become corrupted. While this is better than having all files encrypted, some data may still be lost or inaccessible.

Q: Are there other ransomware groups using safe mode to bypass security?

Yes, other ransomware groups, such as Avos Locker, REvil, and Black Matter, have also adopted this technique to evade endpoint security. IT administrators should be vigilant for new user accounts appearing without explanation, as this may indicate a ransomware attack.
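A defender-side triage of the two signals named above (a host configured to boot into Safe Mode, and unexplained new accounts), as an added example that is not from the video or this summary. It assumes the boot configuration is collected with `bcdedit /enum {current}` and that account creation is read from Security event ID 4720; the sample text, account names and the `triage` helper are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: text as printed by `bcdedit /enum {current}` on a host
# whose boot entry has been switched to Safe Mode with Networking.
BCDEDIT_SAMPLE = """\
Windows Boot Loader
-------------------
identifier              {current}
path                    \\Windows\\system32\\winload.efi
description             Windows 10
safeboot                Network
"""

# Constructed sample: Security-log records reduced to (time, event id, account).
# Event ID 4720 is "A user account was created".
EVENTS_SAMPLE = [
    ("2021-12-30T09:12:00", 4624, "alice"),
    ("2021-12-30T22:41:10", 4720, "newadm"),
    ("2021-12-30T22:58:30", 4720, "svc_backup2"),
]

def safeboot_mode(bcdedit_text):
    """Return the safeboot value (e.g. 'Minimal', 'Network') or None if unset."""
    m = re.search(r"^safeboot[ \t]+(\S+)", bcdedit_text, re.MULTILINE | re.IGNORECASE)
    return m.group(1) if m else None

def new_accounts(events, now, window_hours=24, approved=()):
    """Accounts created (4720) inside the window that are not on the approved list."""
    cutoff = now - timedelta(hours=window_hours)
    return [acct for ts, eid, acct in events
            if eid == 4720 and datetime.fromisoformat(ts) >= cutoff
            and acct not in approved]

def triage(bcdedit_text, events, now, approved=()):
    """Combine both signals into a single finding for an analyst."""
    mode = safeboot_mode(bcdedit_text)
    accounts = new_accounts(events, now, approved=approved)
    if mode and accounts:
        severity = "high"      # forced Safe Mode boot plus unexplained accounts
    elif mode or accounts:
        severity = "review"
    else:
        severity = "none"
    return {"safeboot": mode, "new_accounts": accounts, "severity": severity}

if __name__ == "__main__":
    print(triage(BCDEDIT_SAMPLE, EVENTS_SAMPLE, datetime(2021, 12, 31, 8, 0),
                 approved=("svc_backup2",)))
```

Either signal alone is worth a look, since a persistent `safeboot` entry is not a normal state for a production endpoint; the two together on the same host warrant isolating it before the next reboot.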

Q: Can ransomware be installed on a system without executing the malware sample?

Yes, attackers can embed a command that reboots the system with a non-working command to download the malware sample from a command and control server. Therefore, simply avoiding executing the ransomware sample is not enough to prevent an attack.

Summary & Key Takeaways

  • Ransomware can now bypass security measures by operating in Windows safe mode, rendering many security products ineffective.

  • This ransomware variant encrypts files using AES-256 and instructs victims to pay the ransom on the dark web using the Tor browser.

  • Hackers are increasingly using this technique to disable protections before launching their ransomware attacks, targeting both individuals and corporations.

