In recent attacks, the AvosLocker ransomware gang has started focusing on disabling endpoint security solutions that stand in their way by rebooting compromised systems into Windows Safe Mode.
This tactic makes it easier to encrypt victims’ files since most security solutions will be automatically disabled after Windows devices boot in Safe Mode.
And their new approach appears to be quite effective since the number of attacks attributed to the particular group is rising.