216.73.217.139

How Ransomhub Ransomware Uses EDRKillShifter to Disable EDR and Antivirus Protections

· Published 24/09/2024 14:26 · Modified 24/09/2024 14:39

Export JSON

Essential information

Published
24/09/2024 14:26
Modified
24/09/2024 14:39
Tags
2024-09-24 edrkillshifter ransomhub
Related entities
9 observables, 1 intrusion sets (apt), 15 techniques (mitre), 2 malware, 8 others

Description

The ransomware, attributed to a group tracked as Water Bakunawa, employs sophisticated anti-EDR techniques to evade security solutions. Its attack chain includes exploiting vulnerabilities like Zerologon, using to disable endpoint protection, and employing various evasion scripts. The ransomware targets multiple industries and critical infrastructure sectors, using spear-phishing for initial access. It utilizes tools like NetScan for network reconnaissance and AnyDesk for command and control. The attackers exfiltrate sensitive data using rclone before encrypting files and demanding ransom. The evolving tactics of highlight the need for advanced, multi-layered security strategies to protect against modern ransomware threats.

External references