Signature-based software may not be enough to protect Microsoft’s Windows EFS against evolving ransomware families
Windows EFS Feature May Help Ransomware Attackers
January 21, 2020
https://www.bleepingcomputer.com/news/security/windows-efs-feature-may-help-ransomware-attackers/
SafeBreach: EFS Ransomware

Antivirus vendors push fixes for EFS ransomware attack method
January 21, 2020
https://www.zdnet.com/article/antivirus-vendors-scramble-to-fix-new-efs-ransomware-attack/
The service EFS is also present in my W.10 Home. Stopped - manually. It can also be started from SUA. I have disabled the service.
Hi itman, read this much more accurate article: https://safebreach.com/Post/EFS-Ransomware
Yet in my W.10 Home the EFS service is present. Stopped - Manual
When I tried to start the service then it was no longer possible to stop it. I had to use the command prompt as an administrator:
sc config EFS start= demand
reboot pc
The "sc" command must therefore also be monitored. OSA has an ad hoc rule.
P.S. I don't use a password manager or similar app.
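The post above says the "sc" command should be monitored. The following is an added example, not part of the thread and not OSA's rule: a Python check that parses process-creation command lines for sc changes to the EFS service. The function names, the constructed sample lines, and the choice to treat any start type other than disabled as re-enabling are assumptions of this example.

```python
import re
import shlex

# sc or sc.exe, bare or with a directory prefix, as the process image (argv[0]).
SC_IMAGE = re.compile(r"(?:^|[\\/])sc(?:\.exe)?$", re.IGNORECASE)

def sc_efs_action(command_line):
    """Return what an sc command line does to the EFS service, or None."""
    try:
        # posix=False keeps Windows backslashes literal.
        argv = [t.strip('"') for t in shlex.split(command_line, posix=False)]
    except ValueError:  # unbalanced quotes: not parseable
        return None
    if not argv or not SC_IMAGE.search(argv[0]):
        return None
    args = argv[1:]
    if args and args[0].startswith("\\\\"):  # optional \\server argument
        args = args[1:]
    if len(args) < 2 or args[1].lower() != "efs":
        return None
    verb, opts = args[0].lower(), [a.lower() for a in args[2:]]
    if verb in ("start", "stop"):
        return verb
    if verb == "config":
        for i, tok in enumerate(opts):
            if tok.startswith("start="):
                # Value is attached ("start=auto") or the next token ("start= auto").
                value = tok[6:] or (opts[i + 1] if i + 1 < len(opts) else "")
                return "start-type:" + value
    return None

def reenabling_commands(command_lines):
    """Command lines that start EFS or set a start type other than 'disabled'."""
    hits = []
    for line in command_lines:
        action = sc_efs_action(line)
        if action == "start" or (action and action.startswith("start-type:")
                                 and action != "start-type:disabled"):
            hits.append((action, line))
    return hits

# Constructed process-creation command lines (not taken from the thread).
SAMPLE = [
    r'sc config EFS start= demand',
    r'"C:\Windows\System32\sc.exe" CONFIG efs start=auto',
    r'sc.exe config EFS start= disabled',
    r'sc start EFS',
    r'sc query EFS',
    r'sc config Spooler start= demand',
]
```

The check assumes the log source records sc.exe as its own process with its own command line; a command wrapped inside another shell's quoted argument is not unpacked here.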
This POC EFS attack notwithstanding, EFS has an existing vulnerability: https://www.thewindowsclub.com/encrypting-file-system-efs-windows-10 Now we have to wait for a BitLocker POC vulnerability ...
@itman Read the thread below: https://malwaretips.com/threads/windows-efs-feature-may-help-ransomware-attackers.97946/#post-855303
I am not worried about this vulnerability since my AV detects the exploit attempt; unlike WD. I was researching the POC yesterday and at least one API employed requires SMB v3.0+. This would indicate that pre-Win 8.1 OS versions are not vulnerable.