
"At least a dozen ransomware gangs have incorporated kernel-level EDR killers into their malware arsenal, allowing them to bypass almost every major endpoint security tool on the market."
"Crypto24, a new ransomware, has targeted nearly two dozen companies in the US, Europe, and Asia, using a custom version of RealBlindingEDR to evade detection."
Ransomware gangs have developed sophisticated malware capabilities, specifically incorporating kernel-level EDR killers to bypass major endpoint security tools. These gangs target high-profile industries and have recently deployed the Crypto24 ransomware against companies globally. Using a customized version of the open-source tool RealBlindingEDR, attackers disable EDR products from specific security vendors by manipulating kernel-level hooks. This tactic allows them to steal and encrypt data before demanding ransom. The criminals exploit administrative privileges to deploy malicious tools after compromising systems.
Read at The Register