Malware has been increasingly designed to bypass security controls leveraging a host of tactics, most notably by using feature manipulation and tampering to trick AI, machine-learning engines, and sandboxes. The Sodinokibi (“Sodi”) ransomware is rare in its usage of a Windows vulnerability, namely CVE-2018-8453 patched by Microsoft last year, which enables gaining admin-level access. The fileless Astaroth malware evades traditional IoC-based security controls, stealing user credentials, including PII, system and financial data. An increasing number of strains are leveraging PowerShell commands and masquerading as legitimate system tools.
Source: https://thehackernews.com/2019/09/its-been-summer-of-ransomware-hold-ups.html