New EDR Killer Emerges
A new tool that disables endpoint security software is in use by eight ransomware groups. It evolved from an earlier version, and its purpose is to blind defenses on a victim system so a malicious payload can be deployed.
Ransomware Groups Involved
The tool has been seen in the hands of multiple ransomware gangs, including well-known cybercrime groups, and consequently turns up across otherwise unrelated attack campaigns. That breadth marks it as a growing threat.
How the Tool Works
The tool ships as a disguised, packed binary that decodes itself at runtime, with the packed payload hidden inside what looks like a legitimate application. Because the malicious code only appears in memory after unpacking, scanning the file on disk is less likely to catch it.
Exploiting Vulnerable Drivers
The tool searches for a signed but vulnerable driver that accompanies it under a randomized file name, then loads that driver into the kernel. This is a bring-your-own-vulnerable-driver (BYOVD) technique: the driver's valid signature satisfies driver signature enforcement, and once loaded it gives the attacker kernel-level access with which to disable security software.
Disabling Security Systems
Because the driver carries a valid signature, it passes as a trusted file. Once active in the kernel, it terminates security processes and halts the services of major security vendors, leaving the system without endpoint protection for the ransomware stage that follows.
Targeted Security Vendors
The tool targets a wide range of security products, including well-known antivirus and EDR tools, disrupting multiple endpoint protection systems at once so that ransomware can be deployed unhindered.
Shared Tool Framework
Every sample uses the same packing method, yet each attack uses its own uniquely built version. A shared packer combined with per-group builds suggests the groups share a development resource rather than a single file, pointing to a collaborative effort.
Not a Leaked Tool
This is not a single leaked binary being passed around: each group uses a custom build, which indicates a shared development project rather than a leak. Per-group builds also make the tool harder to track, since hash-based indicators from one campaign will not match the next.
Other EDR Killer Tools
Another EDR killer, AuKill, supports similar attacks and is likewise used by different ransomware groups. A further custom tool was sold to multiple gangs. Together these cases show a trend toward tool sharing.
Widespread Ransomware Tactics
Tool sharing is common in the ransomware ecosystem. Groups exchange methods for bypassing security, which boosts their success rate and means defenders must expect the same tooling to appear across many campaigns.
Preventing EDR Killer Attacks
Defending against EDR killers starts with keeping security software current and enabling its tamper protection where the product offers it. Monitor systems for unusual driver activity: a new kernel driver service appearing (Windows System log Event ID 7045) or a driver loading from outside the system driver directories under a random-looking name (Sysmon Event ID 6). Enabling Microsoft's vulnerable driver blocklist prevents many known-exploitable signed drivers from loading at all. Real-time threat detection can then alert on the behavior that follows, such as security processes and services being terminated. Cybersecurity training helps teams recognize these attack signs early. By staying proactive, organizations can reduce the risk.
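The "monitor for unusual driver activity" advice above can be made concrete. The following is an added example, not code from the original report or from any vendor: a Python hunt that scores Sysmon Event ID 6 (DriverLoad) records for the loader behaviour described under Exploiting Vulnerable Drivers, namely a signed third-party driver with a random-looking name loading from a user-writable path, optionally preceded by a new kernel service (System log Event ID 7045). The flattened key=value line format, the sample events, the `looks_random` heuristic and the scoring weights are assumptions made for this example.

```python
"""Heuristic hunt for bring-your-own-vulnerable-driver (BYOVD) loads in Windows event data.

Input: Sysmon Event ID 6 (DriverLoad) and System log Event ID 7045 (service installed)
records, assumed here to be flattened to one "key=value" line per event.
"""
import re

# Directories where legitimately installed drivers normally live (lower-case).
TRUSTED_DRIVER_DIRS = (
    "c:\\windows\\system32\\drivers\\",
    "c:\\windows\\system32\\driverstore\\",
)

# key=value pairs whose values may contain spaces; a value ends at the next " key=".
KV_RE = re.compile(r"(\w+)=(.*?)(?=\s\w+=|$)")

# Constructed sample events (not real telemetry); field names follow Sysmon / System log.
SAMPLE_EVENTS = [
    "EventID=6 ImageLoaded=C:\\Windows\\System32\\drivers\\ndis.sys Signed=true "
    "Signature=Microsoft Windows SignatureStatus=Valid",
    "EventID=7045 ServiceName=qz7xk ImagePath=C:\\Users\\Public\\qz7xk.sys "
    "ServiceType=kernel mode driver",
    "EventID=6 ImageLoaded=C:\\Users\\Public\\qz7xk.sys Signed=true "
    "Signature=Example Hardware Co. SignatureStatus=Valid",
    "EventID=6 ImageLoaded=C:\\Windows\\System32\\drivers\\tcpip.sys Signed=true "
    "Signature=Microsoft Windows SignatureStatus=Valid",
    "EventID=6 ImageLoaded=C:\\ProgramData\\Vendor\\abc.sys Signed=false "
    "Signature= SignatureStatus=Unavailable",
]


def parse_event(line):
    """Turn one flattened event line into a dict of its fields."""
    return dict(KV_RE.findall(line))


def looks_random(stem):
    """Crude 'random file name' test (assumed heuristic): a short alphanumeric stem
    that contains digits or almost no vowels. Some real drivers will match; treat
    this as one signal among several, not as a verdict on its own."""
    if not (4 <= len(stem) <= 10 and stem.isalnum()):
        return False
    if any(c.isdigit() for c in stem):
        return True
    vowels = sum(c in "aeiou" for c in stem.lower())
    return vowels / len(stem) < 0.2


def score_driver_load(ev, installed_paths):
    """Score a DriverLoad event; higher means more BYOVD-like. Returns (score, reasons)."""
    path = ev.get("ImageLoaded", "")
    low = path.lower()
    stem = low.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    score, reasons = 0, []
    if not low.startswith(TRUSTED_DRIVER_DIRS):
        score += 2
        reasons.append("loaded from outside the system driver directories")
    if looks_random(stem):
        score += 2
        reasons.append(f"random-looking file name '{stem}'")
    signer = ev.get("Signature", "")
    if ev.get("Signed", "").lower() != "true" or ev.get("SignatureStatus") != "Valid":
        score += 3
        reasons.append("not validly signed")
    elif not signer.startswith("Microsoft"):
        # A valid non-Microsoft signature is exactly what a BYOVD driver presents.
        score += 1
        reasons.append(f"third-party signer '{signer}'")
    if low in installed_paths:
        score += 1
        reasons.append("a kernel service for this image was just installed (Event ID 7045)")
    return score, reasons


def hunt(lines, threshold=3):
    """Return the driver loads scoring at or above threshold, in event order."""
    events = [parse_event(line) for line in lines]
    installed = {
        e["ImagePath"].lower()
        for e in events
        if e.get("EventID") == "7045" and "ImagePath" in e
    }
    findings = []
    for e in events:
        if e.get("EventID") != "6":
            continue
        score, reasons = score_driver_load(e, installed)
        if score >= threshold:
            findings.append({"image": e["ImageLoaded"], "score": score, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f"[score {f['score']}] {f['image']}: " + "; ".join(f["reasons"]))
```

On the constructed sample the Microsoft drivers in System32\drivers score zero, the unsigned `abc.sys` is flagged for its location and missing signature, and `qz7xk.sys` gets the highest score because it stacks every signal the report describes: a valid third-party signature, a random-looking name, a user-writable path, and a freshly installed kernel service pointing at the same file. In production the scoring should be tuned against a baseline of the fleet's legitimate driver loads, and any hit should be correlated with subsequent termination of security processes or services.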
Sleep well, we got you covered.

