Tag: edrkillshifter

4 Attack Reports | 0 Vulnerabilities

Attack reports

Shifting the sands of RansomHub's EDRKillShifter

ESET researchers analyze the ransomware ecosystem in 2024, focusing on the newly emerged RansomHub gang. They uncover connections between RansomHub affiliates and rival gangs Play, Medusa, and BianLian through the use of EDRKillShifter, a custom EDR killer developed by RansomHub. The researchers le…
ransomware
bianlian
medusa
edrkillshifter
systembc
grixba
byovd
play
2025-03-27
scransom
Published: March 27, 2025
Downloadable IOCs: 0

Finance Report: Who Targets Financial Institutions?

This report provides an overview of key cybercrime and state-sponsored threat actors targeting the financial sector in 2024. It highlights the critical role of Initial Access Brokers in enabling large-scale attacks, the persistent threat of ransomware and extortion groups, and the increasing sophis…
apt
phishing
ransomware
cybercrime
ransomhub
edrkillshifter
rustbucket
goldpickaxe
financial sector
2025-02-20
catb
initial access brokers
jsoutprox
tradertraitor
golddigger
state-sponsored threats
goldkefu
tycoon 2fa
banking trojans
sneaky 2fa
golddiggerplus
Published: February 20, 2025
Downloadable IOCs: 0

How Ransomhub Ransomware Uses EDRKillShifter to Disable EDR and Antivirus Protections

The RansomHub ransomware, attributed to a group tracked as Water Bakunawa, employs sophisticated anti-EDR techniques to evade security solutions. Its attack chain includes exploiting vulnerabilities like Zerologon, using EDRKillShifter to disable endpoint protection, and employing various evasion s…
ransomhub
edrkillshifter
2024-09-24
Published: September 24, 2024
Downloadable IOCs: 9

Ransomware attackers introduce new EDR killer to their arsenal

An analysis by security researchers has uncovered the existence of a new tool called EDRKillShifter, which is used by threat actors to disable endpoint protection software during ransomware attacks. The tool is designed to terminate antivirus and endpoint detection and response (EDR) solutions on t…
ransomware
ransomhub
privilege escalation
2024-08-16
edr evasion
driver exploitation
edrkillshifter
Published: August 16, 2024
Downloadable IOCs: 2
Click here to see more Attack Reports