Write Protect For Storage Disabled (75f7a0e2-7154-4c4d-9eae-5cdb4e0a5c13)
Detects applications trying to modify the registry in order to disable any write-protect property for storage devices. This could be a precursor to a ransomware attack and has been an observed technique used by cypherpunk group.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) | Attack Pattern | Write Protect For Storage Disabled (75f7a0e2-7154-4c4d-9eae-5cdb4e0a5c13) | Sigma-Rules | 1 |