Cybercrime Chaos: EDRKillShifter and SbaProxy Unleash Havoc on Security Systems

Cybercriminals linked to RansomHub ransomware are now using EDRKillShifter, a tool designed to disable endpoint detection and response software. This EDR-killing utility, discovered by Sophos, is the latest in a line of tools like AuKill and Terminator, aiming to thwart cybersecurity defenses and escalate privileges on compromised systems.

3P
Published: August 15, 2024 11:27 amAdded: August 17, 2024 at 6:00 pmAssembled by: The Editor
Pro Dashboard

Hot Take:

Looks like the cybercriminals are playing a high-tech version of Whac-A-Mole with our EDR systems. Just when we think we’ve squashed one, another pops up with a fancy new name and even fancier tricks up its sleeve. Who knew malware authors had such a flair for dramatic rebranding?

Key Points:

  • RansomHub gang has a new tool, EDRKillShifter, to terminate endpoint detection and response (EDR) software.
  • EDRKillShifter works by exploiting vulnerable drivers to gain elevated privileges and disarm EDR software.
  • RansomHub is likely a rebrand of the Knight ransomware and has been active since February 2024.
  • Scattered Spider syndicate has added RansomHub and Qilin ransomware to its toolkit.
  • Another threat, SbaProxy, uses modified antivirus binaries to establish proxy connections through a C2 server.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?