"Ransomware Gang Deploys New Malware to Kill Security Software"

"RansomHub" ransomware operators are now using new malware named "EDRKillShifter" to disable Endpoint Detection and Response (EDR) security software in Bring Your Own Vulnerable Driver (BYOVD) attacks. Sophos security researchers discovered EDRKillShifter in May 2024 during a ransomware investigation. The malware deploys a legitimate but vulnerable driver on targeted devices in order to escalate privileges, disable security solutions, and more. The BYOVD method is widely used by different threat actors, including financially motivated ransomware gangs and state-sponsored hacking groups. This article continues to discuss findings regarding the EDRKillShifter malware now being deployed by RansomHub ransomware operators.

BleepingComputer reports "Ransomware Gang Deploys New Malware to Kill Security Software"

Submitted by grigby1