As a result, the encryptor also failed and the entire attempt was abandoned.
In its analysis of EDRKillShifter, Sophos describes it as a loader that drops a legitimate but vulnerable driver.
The attackers then abuse the vulnerabilities in that driver to deploy malware.
EDRKillShifter reportedly delivers a variety of different driver payloads, depending on the threat actor's requirements.
Finally, businesses should keep their systems updated, as Microsoft recently started de-certifying old signed drivers.