Detecting Ransomware’s Stealthy Boot Configuration Edits
The hypothesis used by researchers is that threat actors don’t necessarily have to use bcdedit to modify bootloader configurations but could implement code that directly modifies the Windows registry keys that determine those configurations.