Since February 2022, a new ransomware has been reported that appears to use a Windows 0-day vulnerability, according to research conducted by Trend Micro.
More information about this ransomware can be found at this link.
According to analysis by Kaspersky, the Nokoyawa ransomware group has used other exploits targeting the Common Log File System (CLFS) driver since June 2022; these exploits share similar but distinct characteristics, and all of them are attributed to a single exploit developer.
Common Log File System (CLFS) file format:
To approach the analysis, it is necessary to understand the .blf file format, which is handled by the vulnerable Common Log File System driver, CLFS.sys, located in the drivers folder under system32.