Ransomware actors are increasingly abusing vulnerable drivers to craft tools known as "EDR killers," which can disrupt and ...

RansomHub's EDRKillShifter used in 2024 ransomware by Medusa, BianLian, and Play, revealing cross-gang tool sharing.

ESET uncovers a link between RansomHub, Play, Medusa, and BianLian ransomware gangs as more groups adopt tools to disable EDR software.

Researchers spot Medusa ransomware operators deploying smuol.sys This driver mimics a legitimate CrowdStrike Falcon driver ...

A Medusa ransomware campaign is using a malicious driver to disrupt and even delete endpoint detection and response (EDR) ...

Short for Endpoint Detection and Response Silencer, the tool was designed to interfere with, or disable, EDR solutions that ...

Medusa ransomware uses ABYSSWORKER driver with stolen certificates to disable EDR and enable RDP access, risking data breaches.

Eventually, the threat actors dropped a password-protected ZIP file (win.zip) containing the ransomware payload (win.exe), but the victim's EDR tool detected and quarantined it, essentially ...

EDR tools sit on the endpoint and record data that's either addressed directly on the endpoint or sent to the cloud somewhere to determine whether any of the behavior observed is anomalous and ...

Microsoft Are ‘Rethinking’ Security After CrowdStrike Outage] TechCrunch cited posts on social media that have pointed to difficulties with endpoint detection and response (EDR) tools from ...