RansomHub Ransomware Using Multiple Techniques To Disable EDR And Antivirus

The RansomHub ransomware group, tracked as Water Bakunawa, uses targeted spear-phishing and exploitation of the Zerologon vulnerability (CVE-2020-1472) to gain unauthorized access to victim networks. Its victims span a range of industries and critical infrastructure sectors, and the group demands ransom payments in exchange for the stolen data.

The group's recent adoption of EDRKillShifter, a tool built to evade detection and disrupt security processes, is a significant threat to endpoint security: its ability to disable EDR solutions on demand and keep its own foothold makes it a hard adversary for traditional security controls.

[Figure: The infection chain of RansomHub utilizing EDRKillShifter]

A ransomware group typically gains initial access by exploiting vulnerabilities, phishing, or password spraying.
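The article's point about EDRKillShifter is that its value to the operators lies in switching off EDR and antivirus on a compromised host, so the defender-side check a practitioner wants is a quick confirmation that those controls are still alive. The PowerShell below is an added example, not code from the article or from any vendor it mentions: it reports whether Microsoft Defender's protections are on, whether the watched security services are running, and whether the Service Control Manager logged a stop or crash of any of them recently. It assumes a Windows host with Microsoft Defender as the AV/EDR sensor; the service list is an illustrative assumption to be replaced with the sensor services actually deployed in your environment.

```powershell
# Added example (not from the GBHackers article): a defender-side posture check for
# the EDR/AV-disabling behaviour the article attributes to EDRKillShifter.
# Assumptions: Windows host, Microsoft Defender as the AV/EDR sensor, run elevated.
# The service names below are illustrative; substitute the sensor services you run.

$WatchedServices = @(
    'WinDefend',   # Microsoft Defender Antivirus Service
    'Sense',       # Microsoft Defender for Endpoint sensor (present only when onboarded)
    'WdNisSvc'     # Microsoft Defender Antivirus Network Inspection Service
)

function Get-AvPosture {
    # Get-MpComputerStatus exposes the switches an EDR killer would want flipped.
    $mp = Get-MpComputerStatus -ErrorAction Stop
    [pscustomobject]@{
        AntivirusEnabled   = $mp.AntivirusEnabled
        RealTimeProtection = $mp.RealTimeProtectionEnabled
        TamperProtected    = $mp.IsTamperProtected
        AMServiceEnabled   = $mp.AMServiceEnabled
    }
}

function Get-WatchedServiceState {
    foreach ($name in $WatchedServices) {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Service     = $name
            DisplayName = if ($svc) { $svc.DisplayName } else { $null }
            Status      = if ($svc) { [string]$svc.Status } else { 'missing' }
        }
    }
}

function Get-RecentSecurityServiceEvents {
    param([int]$Hours = 24)
    # System log, Service Control Manager: 7036 = state change (running/stopped),
    # 7031/7034 = unexpected termination. SCM messages carry display names, so
    # resolve the short names first and match on those.
    $displayNames = Get-WatchedServiceState |
        Where-Object { $_.DisplayName } |
        ForEach-Object { [regex]::Escape($_.DisplayName) }
    if (-not $displayNames) { return @() }
    $pattern = ($displayNames -join '|')

    $filter = @{
        LogName      = 'System'
        ProviderName = 'Service Control Manager'
        Id           = 7031, 7034, 7036
        StartTime    = (Get-Date).AddHours(-$Hours)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match $pattern } |
        Select-Object TimeCreated, Id, Message
}

function Test-EdrPosture {
    $findings = @()

    try {
        $av = Get-AvPosture
        if (-not $av.AntivirusEnabled)   { $findings += 'Defender antivirus is disabled' }
        if (-not $av.RealTimeProtection) { $findings += 'Real-time protection is off' }
        if (-not $av.TamperProtected)    { $findings += 'Tamper protection is off (EDR killers rely on this)' }
        if (-not $av.AMServiceEnabled)   { $findings += 'Antimalware service is not enabled' }
    } catch {
        $findings += "Could not query Defender status: $($_.Exception.Message)"
    }

    foreach ($s in Get-WatchedServiceState) {
        if ($s.Status -ne 'Running') { $findings += "Service $($s.Service) is $($s.Status)" }
    }

    $events = Get-RecentSecurityServiceEvents -Hours 24
    foreach ($e in $events) {
        if ($e.Id -ne 7036 -or $e.Message -match 'stopped') {
            $findings += "SCM event $($e.Id) at $($e.TimeCreated): $($e.Message.Trim())"
        }
    }

    if ($findings.Count -eq 0) {
        Write-Host 'EDR/AV posture looks intact.' -ForegroundColor Green
    } else {
        $findings | ForEach-Object { Write-Warning $_ }
    }
    return $findings
}

Test-EdrPosture
```

A stopped sensor service or a tamper-protection flag that is off is not proof of EDRKillShifter, only a signal that the protections the article says the tool targets are no longer in force; correlate the SCM timestamps with patch windows and with whatever process-creation telemetry still exists before treating it as an incident.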

Source: GBHackers
