How Ransomhub Ransomware Uses EDRKillShifter to Disable EDR and Antivirus Protections

September 20, 2024 at 11:25AM The article discusses the Ransomhub ransomware’s utilization of EDRKillShifter to disable EDR and antivirus protections. Ransomhub also exploits the Zerologon vulnerability to take control of networks without authentication. The group has attacked various industries, employed spear-phishing, and used the affiliate model. Trend Micro’s Vision One telemetry data aided in uncovering … Read more

RansomHub-linked EDR-killing malware spotted in the wild

August 18, 2024 at 09:57PM A new malware called EDRKillShifter has been identified by Sophos, using legitimate but vulnerable drivers to deliver ransomware to targets and disrupt endpoint detection and response software. Additionally, a critical vulnerability has been reported in SolarWinds Web Help Desk, while NetSuite SuiteCommerce and SiteBuilder sites are found to be exploitable. … Read more

Ransomware gang deploys new malware to kill security software

August 15, 2024 at 02:03PM RansomHub ransomware operators have deployed a new malware, EDRKillShifter, to disable EDR security software in BYOVD attacks. Discovered by Sophos researchers, the malware exploits vulnerable drivers to escalate privileges and disable security solutions. Sophos recommends enabling tamper protection and maintaining a separation between user and admin privileges to mitigate such … Read more

RansomHub Group Deploys New EDR-Killing Tool in Latest Cyber Attacks

August 15, 2024 at 07:33AM A cybercrime group linked to RansomHub ransomware has been using a new tool, EDRKillShifter, to disable endpoint detection and response software on compromised hosts. This tool is a delivery mechanism for vulnerable drivers and can deliver different driver payloads. It’s important to keep systems updated and enable tamper protection in … Read more