Write Protect For Storage Disabled (75f7a0e2-7154-4c4d-9eae-5cdb4e0a5c13)
Detects applications trying to modify the registry in order to disable any write-protect property for storage devices. This could be a precursor to a ransomware attack and has been an observed technique used by cypherpunk group.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Disable or Modify Tools - T1685 (bbde9781-60aa-4b8a-a911-895b0c1b3872) | Attack Pattern | Write Protect For Storage Disabled (75f7a0e2-7154-4c4d-9eae-5cdb4e0a5c13) | Sigma-Rules | 1 |