This Week Health
August 30, 2024

Tool used by ransomware groups now seen killing EDR: Report

CSO Online
Summary
A recent report from Sophos details significant updates to Poortry/BurntCigar, a toolkit ransomware affiliates use to disable endpoint protection before deploying their payload. Originally built to terminate endpoint detection and response (EDR) processes, the toolkit can now delete EDR components from disk altogether, turning an EDR killer into an EDR wiper. It consists of a malicious kernel driver and a user-mode loader, both heavily obfuscated to evade detection, and it has been used by ransomware gangs including Cuba, BlackCat, and LockBit. After Microsoft shut down the loophole that had let the developers obtain Microsoft signatures for their kernel driver, they adapted by forging signature timestamps (Windows still loads drivers signed with certificates issued before 29 July 2015, so a backdated signing time on a leaked or expired certificate passes the signature check) and by signing with stolen certificates that are still valid. With its driver loaded in the kernel, the toolkit behaves much like a rootkit, which makes it harder to detect and a more serious threat to IT defenses. Because a forged timestamp yields a signature that Windows accepts as valid, the practical defenses are blocking known-bad drivers by hash and signer (Microsoft's vulnerable driver blocklist, enforced through HVCI or WDAC) and treating any unexpected kernel driver load as a high-priority signal.
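The timestamp-forging trick described above only works because Windows honours a legacy path for drivers whose signing certificate was issued before 29 July 2015. The following PowerShell is an added example written for this page; it is not code from the Sophos report or the CSO Online article. It enumerates the kernel drivers currently running, checks each file's Authenticode signature, and lists those whose trust rests on that pre-2015 exception or whose signature is not reported as Valid. It assumes an elevated Windows PowerShell 5.1 (or later) session on the host being examined, and the cut-off date and the path-normalisation rules are assumptions about how Win32_SystemDriver reports driver paths, not anything taken from the article.

```powershell
# Added example, not from the Sophos/CSO Online report: triage running kernel drivers
# whose Authenticode trust depends on the pre-29-July-2015 legacy signing exception
# that signature timestamp forging abuses. A well-forged timestamp produces a
# signature Windows reports as Valid, so this is a review list, not a forgery detector.

$LegacyCutoff = [datetime]'2015-07-29'   # assumed: Windows' legacy cross-signing cut-off

function Resolve-DriverPath {
    # Win32_SystemDriver.PathName comes in several shapes; normalise to a real file path.
    param([string]$PathName)
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $null }
    $p = $PathName.Trim('"')
    $p = $p -replace '^\\\?\?\\', ''                      # \??\C:\...  ->  C:\...
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot     # \SystemRoot\System32\...  ->  C:\Windows\System32\...
    if ($p -match '^(system32|syswow64)\\') {             # system32\DRIVERS\x.sys  ->  C:\Windows\system32\DRIVERS\x.sys
        $p = Join-Path $env:SystemRoot $p
    }
    return $p
}

$findings = foreach ($drv in Get-CimInstance Win32_SystemDriver -Filter "State='Running'") {
    $path = Resolve-DriverPath $drv.PathName
    if (-not $path -or -not (Test-Path -LiteralPath $path)) { continue }

    $sig  = Get-AuthenticodeSignature -LiteralPath $path
    $cert = $sig.SignerCertificate
    $reasons = @()

    # Anything other than Valid (NotSigned, HashMismatch, NotTrusted, ...) is worth a look.
    if ($sig.Status -ne 'Valid') { $reasons += "status=$($sig.Status)" }

    if ($cert) {
        # Signer certificate issued before the cut-off: the driver is loaded via the legacy
        # path that forged-timestamp drivers rely on. Legitimate old drivers land here too.
        if ($cert.NotBefore -lt $LegacyCutoff) {
            $reasons += "signer cert issued $($cert.NotBefore.ToString('yyyy-MM-dd')) (pre-2015 legacy path)"
        }
        # An expired signer with no countersignature timestamp has nothing anchoring its validity.
        if ($cert.NotAfter -lt (Get-Date) -and -not $sig.TimeStamperCertificate) {
            $reasons += 'signer cert expired and no countersignature timestamp'
        }
    }

    if ($reasons.Count -gt 0) {
        [pscustomobject]@{
            Driver  = $drv.Name
            Path    = $path
            Signer  = if ($cert) { $cert.Subject } else { '<unsigned>' }
            Issuer  = if ($cert) { $cert.Issuer } else { '' }
            Signed  = if ($sig.TimeStamperCertificate) { 'timestamped' } else { 'no timestamp' }
            Reasons = $reasons -join '; '
        }
    }
}

$findings | Sort-Object Driver | Format-Table -AutoSize -Wrap
```

Run it as Administrator and expect some legitimate entries: old vendor drivers signed before 2015 are still common, so the list is a starting point for comparing signer names and file hashes against what the fleet is supposed to be running, and against Microsoft's vulnerable driver blocklist, rather than an alert on its own.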


© Copyright 2024 Health Lyrics All rights reserved