Intel Name: How RansomHub Ransomware Uses EDRKillShifter to Disable EDR and Antivirus Protections
Date of Scan: September 25, 2024
Impact: Medium
Summary: RansomHub is known for its affiliate model and for techniques that disable or terminate endpoint detection and response (EDR) systems, allowing it to evade detection and keep a foothold in compromised environments. Recently, our threat hunting team uncovered RansomHub’s latest evasion method: the integration of EDRKillShifter into its attack chain. This finding allowed us to investigate a recent incident using telemetry from Trend Micro’s Vision One.