How RansomHub Ransomware Uses EDRKillShifter to Disable EDR and Antivirus Protections
The RansomHub ransomware, attributed to a group tracked as Water Bakunawa, employs sophisticated anti-EDR techniques to evade security solutions. Its attack chain includes exploiting vulnerabilities such as Zerologon, using EDRKillShifter to disable endpoint protection, and running various evasion scripts. The ransomware targets multiple industries and critical infrastructure sectors, using spear-phishing for initial access. It uses tools such as NetScan for network reconnaissance and AnyDesk for command and control. The attackers exfiltrate sensitive data with rclone before encrypting files and demanding a ransom. The evolving tactics of RansomHub highlight the need for advanced, multi-layered security strategies to protect against modern ransomware threats.
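The summary names the tools in the chain (NetScan for reconnaissance, AnyDesk for remote access, rclone for exfiltration, EDRKillShifter for disabling protection) but gives no detection logic. As an added example that is not part of the original page or any vendor's product, the following Python correlates constructed process-creation events per host and flags hosts where two or more stages of that chain appear within a time window, scoring higher when they occur in the order the summary describes. The log format (`ts|host|image|cmdline`) and the executable names used as indicators are assumptions for illustration; real deployments would substitute verified IoCs from their EDR telemetry.

```python
"""Correlate process-creation events against the RansomHub tool chain
(NetScan -> AnyDesk -> rclone -> EDRKillShifter).

Hypothetical example: the log line format and the executable-name
indicators are assumptions, not taken from any vendor telemetry schema."""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class Event:
    ts: datetime
    host: str
    image: str      # executable name, lower-cased
    cmdline: str


# Stage -> executable-name indicators.  These names are assumptions derived
# only from the tool names in the summary above.
STAGES = {
    "recon": ("netscan.exe",),
    "remote_access": ("anydesk.exe",),
    "exfiltration": ("rclone.exe",),
    "edr_kill": ("edrkillshifter.exe",),  # placeholder name, not a verified IoC
}
STAGE_ORDER = ["recon", "remote_access", "exfiltration", "edr_kill"]


def parse_line(line: str) -> Event:
    """Parse one constructed 'ts|host|image|cmdline' log line."""
    ts, host, image, cmdline = line.split("|", 3)
    return Event(datetime.fromisoformat(ts), host, image.lower(), cmdline)


def classify(ev: Event) -> str | None:
    """Map an event to a chain stage, or None if it matches no indicator."""
    for stage, images in STAGES.items():
        if ev.image in images:
            return stage
    return None


def in_attack_order(stages: list[str]) -> bool:
    """True if the stages were first seen in the order the chain describes."""
    idx = [STAGE_ORDER.index(s) for s in stages]
    return idx == sorted(idx)


def correlate(lines, window: timedelta = timedelta(hours=24)) -> dict:
    """Return {host: {"stages": [...], "score": n}} for every host on which
    at least two distinct chain stages occur within `window` of the first hit.
    Score = number of distinct stages, +1 if they appeared in attack order."""
    per_host = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        stage = classify(ev)
        if stage:
            per_host[ev.host].append((ev.ts, stage))

    findings = {}
    for host, hits in per_host.items():
        hits.sort()                       # chronological
        first_ts = hits[0][0]
        seen: list[str] = []              # first occurrence of each stage
        for ts, stage in hits:
            if ts - first_ts <= window and stage not in seen:
                seen.append(stage)
        if len(seen) >= 2:
            score = len(seen) + (1 if in_attack_order(seen) else 0)
            findings[host] = {"stages": seen, "score": score}
    return findings


# Constructed sample telemetry: WS01 shows the full chain, WS02 a single
# rclone run (could be legitimate backup tooling), WS03 benign activity.
SAMPLE_LOG = [
    "2024-06-01T09:00:00|WS01|netscan.exe|netscan.exe",
    "2024-06-01T09:30:00|WS01|AnyDesk.exe|AnyDesk.exe",
    "2024-06-01T11:00:00|WS01|rclone.exe|rclone.exe copy C:\\Finance <constructed-remote>:",
    "2024-06-01T11:45:00|WS01|EDRKillShifter.exe|EDRKillShifter.exe",
    "2024-06-01T10:00:00|WS02|rclone.exe|rclone.exe sync D:\\Backups <constructed-remote>:",
    "2024-06-01T08:00:00|WS03|excel.exe|excel.exe report.xlsx",
]


def run_sample() -> dict:
    """Run the correlation over the constructed sample log."""
    return correlate(SAMPLE_LOG)


if __name__ == "__main__":
    for host, finding in run_sample().items():
        print(f"{host}: score={finding['score']} stages={finding['stages']}")
```

Requiring two stages before raising a finding keeps a lone rclone or AnyDesk execution (both have legitimate administrative uses) from alerting on its own, while the ordering bonus prioritises hosts whose activity matches the described progression from reconnaissance through exfiltration to EDR tampering.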