Today > 3 Critical | 10 High | 7 Medium | 4 Low vulnerabilities   -   You can now download lists of IOCs here!

Ransomware attackers introduce new EDR killer to their arsenal

Aug. 16, 2024, 3:50 p.m.

Description

An analysis by security researchers has uncovered the existence of a new tool called EDRKillShifter, which is used by threat actors to disable endpoint protection software during ransomware attacks. The tool is designed to terminate antivirus and endpoint detection and response (EDR) solutions on targeted systems, paving the way for the deployment of ransomware payloads. EDRKillShifter works as a loader, delivering various malicious drivers that exploit vulnerabilities to gain elevated privileges and unhook security protections.

Date

Published: Aug. 16, 2024, 2:58 p.m.

Created: Aug. 16, 2024, 2:58 p.m.

Modified: Aug. 16, 2024, 3:50 p.m.

Indicators

451f5aa55eb207e73c5ca53d249b95911d3fad6fe32eee78c58947761336cc60

d0f9eae1776a98c77a6c6d66a3fd32cee7ee6148a7276bc899c1a1376865d9b0

Attack Patterns

EDRKillShifter

RansomHub

T1547.003

T1569.002

T1543.003

T1211

T1574.002

T1547.009

T1562.001

T1543.001