Sophos researchers recently analyzed a ransomware attack by RansomHub, uncovering a new tool that disables Endpoint Detection and Response (EDR) systems. They named this tool EDRKillShifter, which allows attackers to disable EDR agents before launching further attacks.
John Bambenek, President of Bambenek Consulting, noted that while RansomHub currently uses this tool, its presence on the dark web means others could adopt it. He urges security teams to closely monitor driver installations to prevent such attacks.