Prevent safemode reboot ransomware attacks with PEM

How to prevent ransomware exploiting safe mode + network reboot to bypass anti-malware tools

A new attack mode for ransomware is to force a user's system to reboot in "safemode + networking" which allows malware to be installed and never captured by anti-malware tools. In this video we show how local admin rights are needed to set the mode of the next boot and show an example of the attack vector with and without Osirium Privileged Endpoint Management (PEM). For more information about PEM, please visit

Click to chat