#byovd

[ follow ]
#ransomware #vulnerable-driver #edr-evasion #osiris-ransomware #poortry-driver #data-exfiltration
fromThe Hacker News
4 days ago

Reynolds Ransomware Embeds BYOVD Driver to Disable EDR Security Tools

Cybersecurity researchers have disclosed details of an emergent ransomware family dubbed Reynolds that comes embedded with a built-in bring your own vulnerable driver (BYOVD) component for defense evasion purposes within the ransomware payload itself. BYOVD refers to an adversarial technique that abuses legitimate but flawed driver software to escalate privileges and disable Endpoint Detection and Response (EDR) solutions so that malicious activities go unnoticed. The strategy has been adopted by many ransomware groups over the years.
Information security
Information security
fromThe Hacker News
3 weeks ago

New Osiris Ransomware Emerges as New Strain Using POORTRY Driver in BYOVD Attack

Osiris is a new ransomware family using POORTRY vulnerable driver in a BYOVD attack to disable security, perform per-file hybrid encryption, and exfiltrate data.
Information security
fromThe Hacker News
5 months ago

Silver Fox Exploits Microsoft-Signed WatchDog Driver to Deploy ValleyRAT Malware

Silver Fox exploited a Microsoft-signed WatchDog vulnerable driver (amsdk.sys) via BYOVD to disable endpoint protections and deploy ValleyRAT.
[ Load more ]