How RansomHub Ransomware Uses EDRKillShifter to Disable EDR and Antivirus Protections

The RansomHub ransomware, attributed to a group tracked as Water Bakunawa, employs anti-EDR techniques to evade endpoint security solutions. Its attack chain includes exploiting vulnerabilities such as Zerologon, using the EDRKillShifter tool to disable endpoint protection, and running various evasion scripts. The ransomware targets multiple industries and critical infrastructure sectors and uses spear-phishing for initial access. It relies on NetScan for network reconnaissance and AnyDesk for command and control. The attackers exfiltrate sensitive data with rclone before encrypting files and demanding a ransom. RansomHub's evolving tactics underline the need for layered defences that do not depend on a single endpoint agent remaining operational.

Author: AlienVault

Related Tags:
EDRKillShifter

RansomHub

T1569.002

T1222.001

IT

T1548.002

T1078.002

T1003.001

T1567.002

Associated Indicators:

SHA-256 file hashes:
30ABBBEEDEEB268435899A7697F7A72F37A38E60AE2430E09BC029C7A8AA7001
BD70882F67DA03836F372172F655456CE19F95878D70EC39FCC6C059F9EF4CA0
869758DE8334C2B201A07CFBFC0A903105A113080DDE0355857DE46B3EAAE08E
BFBBBA7D18BE1AA2E85390FA69A761302756EE9348B7343AF6F42F3B5D0A939C
B2A2E8E0795B2F69D96A48A49985FB67D22D1C6E8B40DADD690C299B9AF970D4

SHA-1 file hashes:
8DE2D38D33294586B4758599FDF65F1A265E013B
77DAF77D9D2A08CC22981C004689B870F74544B5
2E89CF3267C8724002C3C89BE90874A22812EFC6
86CDB729094C013E411AC9B4C72485A55A629E5D