Ransomware crews don't care about your EDR
Briefly

Ransomware gangs have developed sophisticated malware capabilities, building kernel-level EDR killers into their tooling to bypass major endpoint security tools. These gangs target high-profile industries and have recently deployed the Crypto24 ransomware against companies globally. Using a customized version of the open-source tool RealBlindingEDR, the attackers disable EDR products from specific security vendors by manipulating kernel-level hooks, which lets them steal and encrypt data before demanding a ransom. After compromising a system, the criminals use administrative privileges to deploy their malicious tools.
At least a dozen ransomware gangs have incorporated kernel-level EDR killers into their malware arsenal, allowing them to bypass almost every major endpoint security tool on the market.
Crypto24, a new ransomware, has targeted nearly two dozen companies in the US, Europe, and Asia, using a custom version of RealBlindingEDR to evade detection.
Read at The Register