by Malicious bootkits targeting UEFI firmware were mostly created by state-level hackers. Until the end of last year, some people began to sell a program called BlackLotus on hacker forums. The researchers who revealed this at the time thought it was difficult to confirm its degree of danger. However, recently, an information security company obtained the malicious program for analysis, and confirmed that it does have the attack capability advertised by the seller. Even if the user enables the UEFI secure boot mechanism, the computer cannot be prevented from being infected by this malicious software. In order to evade detection by security systems before encrypting files, ransomware hackers also adopt a strategy of using a variety of off-the-shelf and legal tools. For example, in the recent attack of the ransomware LockBit, such a method was adopted, making it difficult for antivirus software and EDR systems to detect abnormalities.
