An adversary alters a file's permissions to allow write access. Once the file has been modified, they may revert it to more restrictive permissions to prevent it being edited by other users.
Privileges required
User
Operating systems
ESXi
Additional Procedural Examples
/bin/chmod -w /var/spool/cron/crontabs/root
chmod +x $CLEAN_DIR/encrypt
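A detection sketch for the commands above, added here as an example and not taken from the original entry: it scans ESXi shell.log lines for chmod calls and flags write-permission changes on watched paths, a grant followed by a revoke on the same file, and execute grants. The log line layout, the watch list and the sample lines are assumptions constructed for illustration.

```python
import re
# Assumed ESXi shell.log layout: "<timestamp> shell[<pid>]: [<user>]: <command>"
LINE_RE = re.compile(r"^(\S+) \S+: \[\w+\]: (?:\S*/)?chmod\s+(.+)$")
MODE_RE = re.compile(r"[0-7]{3,4}|[ugoa]*[+\-=][rwxXst]*(,[ugoa]*[+\-=][rwxXst]*)*")
SENSITIVE = ("/var/spool/cron/crontabs/",)  # illustrative watch list, extend per host

def mode_effects(mode):
    """Map a symbolic or octal chmod mode to a subset of {'+w', '-w', '+x'}."""
    if mode[0].isdigit():  # octal sets bits absolutely, so treat it like '='
        bits = [int(d) for d in mode[-3:]]
        mode = "=" + "w" * any(b & 2 for b in bits) + "x" * any(b & 1 for b in bits)
    effects = set()
    for op, perms in re.findall(r"([+\-=])([rwxXst]*)", mode):
        if "w" in perms or op == "=":
            effects.add("+w" if "w" in perms and op != "-" else "-w")
        if "x" in perms and op != "-":
            effects.add("+x")
    return effects

def parse_line(line):
    """Return (timestamp, effects, paths) for a logged chmod call, else None."""
    m = LINE_RE.match(line)
    words = m.group(2).split() if m else []
    args = [w for w in words if MODE_RE.fullmatch(w) or w[0] != "-"]  # drops -R etc.
    if not args or not MODE_RE.fullmatch(args[0]):
        return None
    return m.group(1), mode_effects(args[0]), args[1:]

def detect(lines):
    """Return (timestamp, rule, path) alerts for chmod activity in shell.log lines."""
    alerts, opened = [], set()
    for ts, effects, paths in filter(None, map(parse_line, lines)):
        for path in paths:
            if "-w" in effects and path in opened:
                opened.discard(path)
                alerts.append((ts, "write-toggle", path))  # opened, then re-locked
            elif effects & {"+w", "-w"} and path.startswith(SENSITIVE):
                alerts.append((ts, "sensitive-chmod", path))
            if "+x" in effects:
                alerts.append((ts, "exec-granted", path))  # hunting lead, noisy alone
            if "+w" in effects:
                opened.add(path)
    return alerts

SAMPLE = [  # constructed log lines; the "+w" step is assumed, the rest mirror the entry
    "2023-02-03T10:15:01Z shell[2101234]: [root]: /bin/chmod +w /var/spool/cron/crontabs/root",
    "2023-02-03T10:15:09Z shell[2101234]: [root]: /bin/chmod -w /var/spool/cron/crontabs/root",
    "2023-02-03T10:16:40Z shell[2101234]: [root]: chmod +x $CLEAN_DIR/encrypt",
]
```

Only commands that begin with chmod are parsed; a chmod chained after ';' or '&&' on the same logged line is not covered by this sketch.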
ATT&CK® technique
T1222.002
Tags
E-Crime: Nevada
Nevada Ransomware operates via an affiliate program and has been reported to have carried out a campaign targeting any ESXi machine that is exposed to the internet.