How RansomHub ransomware uses EDRKillShifter to disable EDR and antivirus protections

Intel Name: How RansomHub ransomware uses EDRKillShifter to disable EDR and antivirus protections

Date of Scan: September 25, 2024

Impact: Medium

Summary:
RansomHub is recognized for its affiliate model and for employing techniques that disable or terminate endpoint detection and response (EDR) systems, allowing it to evade detection and maintain a foothold in compromised environments. Recently, our threat hunting team uncovered RansomHub’s latest evasion method: the integration of EDRKillShifter into its attack chain. This discovery enabled us to investigate a recent incident using telemetry data from Trend Micro’s Vision One.
