The Kasseika threat actor has joined the growing set of threat actors that use Bring Your Own Vulnerable Driver (BYOVD) tactics to disable antivirus/EDR software before carrying out malicious activity such as file encryption. Kasseika abuses the Martini driver, part of TG Soft's VirIT Agent System. Through the BYOVD attack, the malware gains the privileges it needs to terminate a hardcoded list of processes, many of which correspond to antivirus, EDR, security and analysis tools and system utilities. Kasseika ransomware uses the ChaCha20 and RSA encryption algorithms to encrypt target files and appends a pseudo-random string to the filenames, similar to BlackMatter ransomware. More information at this link.
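The BYOVD-then-kill sequence described above leaves a recognisable shape in endpoint telemetry: a driver load closely followed by a burst of terminations of security tooling. The following detection sketch is an added example, not code from the original post or from any vendor; it runs over constructed Sysmon-style log lines (Event ID 6 = driver loaded, Event ID 5 = process terminated), and the driver file name, paths and watchlisted process names are placeholders that stand in for the Martini driver and for Kasseika's actual hardcoded list.

```python
import re
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Constructed Sysmon-style telemetry (not real logs). The driver file name and the
# terminated process names are placeholders, not indicators taken from the report.
SAMPLE_LOG = """\
2024-01-10T10:00:01 EventID=6 ImageLoaded=C:\\Windows\\Temp\\Martini.sys
2024-01-10T10:00:03 EventID=5 Image=C:\\Program Files\\EDR\\edrsvc.exe
2024-01-10T10:00:03 EventID=5 Image=C:\\Program Files\\AV\\avguard.exe
2024-01-10T10:00:04 EventID=5 Image=C:\\Windows\\System32\\notepad.exe
2024-01-10T10:00:05 EventID=5 Image=C:\\Tools\\procmon64.exe
2024-01-10T10:00:06 EventID=5 Image=C:\\Tools\\x64dbg.exe
2024-01-10T10:30:00 EventID=5 Image=C:\\Program Files\\AV\\avguard.exe
"""

# Constructed watchlist of security / analysis process names (lower-case).
WATCHLIST = {"edrsvc.exe", "avguard.exe", "procmon64.exe", "x64dbg.exe"}

LINE_RE = re.compile(r"^(\S+) EventID=(\d+) (\w+)=(.+)$")


def parse_events(log_text):
    """Yield (timestamp, event_id, file_basename) for each well-formed line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that do not fit the constructed format
        ts = datetime.fromisoformat(m.group(1))
        name = PureWindowsPath(m.group(4).strip()).name.lower()
        yield ts, int(m.group(2)), name


def find_byovd_kill_bursts(log_text, driver_substr="martini", window_s=60, min_kills=3):
    """Flag a matching driver load followed, within window_s seconds, by at least
    min_kills terminations of watchlisted processes. Returns a list of alerts."""
    events = list(parse_events(log_text))
    alerts = []
    for ts, eid, name in events:
        if eid != 6 or driver_substr not in name:
            continue
        deadline = ts + timedelta(seconds=window_s)
        killed = [n for t, e, n in events
                  if e == 5 and n in WATCHLIST and ts <= t <= deadline]
        if len(killed) >= min_kills:
            alerts.append({"driver": name, "loaded_at": ts.isoformat(), "killed": killed})
    return alerts
```

Running `find_byovd_kill_bursts(SAMPLE_LOG)` on the sample yields one alert for the driver load at 10:00:01 with four watchlisted kills; the notepad termination and the isolated 10:30 event are ignored.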