Ransomware actors are increasingly abusing vulnerable drivers to craft tools known as "EDR killers," which can disrupt and ...
ESET uncovers a link between RansomHub, Play, Medusa, and BianLian ransomware gangs as more groups adopt tools to disable EDR software.
Security researchers at Zscaler found a new loader used in different infostealing campaigns. CoffeeLoader uses multiple tricks to ...
RansomHub's EDRKillShifter used in 2024 ransomware by Medusa, BianLian, and Play, revealing cross-gang tool sharing.
Researchers spot Medusa ransomware operators deploying smuol.sys. This driver mimics a legitimate CrowdStrike Falcon driver ...
ESET researchers discover new ties between affiliates of RansomHub and of rival gangs Medusa, BianLian, and Play.
ESET researchers also examine the growing threat posed by tools that ransomware affiliates deploy in an attempt to disrupt EDR security solutions ...
Medusa ransomware uses ABYSSWORKER driver with stolen certificates to disable EDR and enable RDP access, risking data ...
Eventually, the threat actors dropped a password-protected ZIP file (win.zip) containing the ransomware payload (win.exe), but the victim's EDR tool detected and quarantined it, essentially ...
EDR tools sit on the endpoint and record data that's either addressed directly on the endpoint or sent to the cloud somewhere to determine whether any of the behavior observed is anomalous and ...
[Microsoft Are ‘Rethinking’ Security After CrowdStrike Outage] TechCrunch cited posts on social media that have pointed to difficulties with endpoint detection and response (EDR) tools from ...