RansomHub Ransomware Using Multiple Techniques To Disable EDR And Antivirus

26 September 2024

The RansomHub ransomware group tracked as Water Bakunawa, employs targeted spear-phishing to exploit the Zerologon vulnerability, allowing them to gain unauthorized access to networks, affecting various industries and critical infrastructure sectors, demanding ransom payments for data release. The group’s recent integration of EDRKillShifter, a tool designed to evade detection and disrupt security processes, poses a significant threat to endpoint security, whose ability to dynamically disable EDR solutions and ensure persistence makes it a formidable adversary for traditional security measures. The infection chain of the RansomHub utilizing EDRKillShifter A ransomware group typically gains initial access to systems by exploiting vulnerabilities, phishing, or password spraying.

Source: GBHackers

Date:

26 September 2024

Categorie(s):

NEWS

Tag(s):

Antivirus, Cyber Security News, Disable, EDR, RansomHub

Want to Spruce Up Your Rental? Here Are 10 Ways to Do It Without Losing Your Security Deposit18 October 2024
Microsoft lost some customers’ cloud security logs18 October 2024
AI-Powered Fraud Detection Systems for Enhanced Cybersecurity18 October 2024
Data center provider fakes Tier 4 data center certificate to bag $11M SEC deal18 October 2024
Options for AWS customers who use Entrust-issued certificates18 October 2024