Threat Actors Increasingly Utilize Ransomware as a Service Boosted by EDR Killers


Apr 29, 2025 - 07:05

The cybersecurity landscape is witnessing a significant shift as threat actors increasingly leverage Ransomware as a Service (RaaS) platforms enhanced by sophisticated Endpoint Detection and Response (EDR) killers.

Despite successful law enforcement operations against established ransomware gangs like LockBit, new players have swiftly emerged to fill the void, employing aggressive business strategies and advanced tools designed to bypass security protections.

February 2024 marked the emergence of RansomHub, a ransomware group that rapidly ascended to dominance within the cybercriminal ecosystem.

The group’s meteoric rise can be attributed to its attractive affiliate program, offering partners the opportunity to retain 90% of collected ransoms and guaranteeing direct payments to affiliate wallets.

This business model has successfully attracted both skilled and novice cybercriminals to their platform.

ESET researchers identified a concerning development by May 2024, when RansomHub introduced its proprietary EDR killer, dubbed “EDRKillShifter” by Sophos analysts.

Unlike traditional approaches that repurpose existing proofs of concept, RansomHub developed and maintains this custom tool, which is specifically designed to terminate, blind, or crash installed security solutions by exploiting vulnerable drivers.

The financial impact of these evolving threats cannot be overstated. Between 2022 and 2024, ransomware and extortion breaches accounted for nearly two-thirds of financially motivated attacks.

Organizations experiencing successful breaches face revenue losses averaging 9% of annual earnings, stock value declines of 2.5%, and significant difficulty attracting or retaining customers, according to the latest cybersecurity reports.

Technical Analysis of EDRKillShifter’s Operation

The EDRKillShifter tool represents a sophisticated evolution in EDR evasion techniques. It operates through a Bring-Your-Own-Vulnerable-Driver (BYOVD) attack pattern, loading legitimate but vulnerable drivers into system memory.

Once loaded, the tool exploits known vulnerabilities in these signed drivers to gain kernel-level access, effectively bypassing standard security controls.
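The defensive corollary of the BYOVD pattern described above is that the loaded driver is usually legitimately signed, so a signature check alone does not flag it; detection has to rely on a maintained vulnerable-driver blocklist (hash or file name) and on context such as the load path. The following triage script is an added example and is not code from the article, ESET, or Sophos. The record layout is modelled on the fields of a Sysmon Event ID 6 (DriverLoad) event, the sample events are constructed, and the blocklist hash and driver name are placeholders rather than real indicators.

```python
"""Triage kernel driver load events for BYOVD-style abuse.

Added example (not from the article). Sample events are constructed and
modelled on Sysmon Event ID 6 fields; blocklist entries are placeholders.
"""
import re
from pathlib import PureWindowsPath

# Placeholder blocklist (constructed, NOT real indicators). In production this
# would be fed from a maintained vulnerable-driver list.
KNOWN_VULNERABLE_DRIVER_SHA256 = {"11" * 32}
KNOWN_VULNERABLE_DRIVER_NAMES = {"examplevulndrv.sys"}

# Locations from which a legitimately installed driver is rarely loaded.
USER_WRITABLE_PATTERNS = [
    re.compile(r"\\users\\[^\\]+\\", re.I),
    re.compile(r"\\programdata\\", re.I),
    re.compile(r"\\windows\\temp\\", re.I),
    re.compile(r"\\temp\\", re.I),
]

# Constructed sample events: one benign load, one signed-but-vulnerable driver
# dropped under ProgramData (the BYOVD case), one unsigned driver from Temp.
SAMPLE_EVENTS = [
    rf"UtcTime=2025-04-29 07:01:12|ImageLoaded=C:\Windows\System32\drivers\ndis.sys|Hashes=SHA256={'aa' * 32}|Signed=true|Signature=Microsoft Windows|SignatureStatus=Valid",
    rf"UtcTime=2025-04-29 07:03:40|ImageLoaded=C:\ProgramData\svc\exampleVulnDrv.sys|Hashes=SHA256={'11' * 32}|Signed=true|Signature=Example Vendor (constructed)|SignatureStatus=Valid",
    rf"UtcTime=2025-04-29 07:04:02|ImageLoaded=C:\Windows\Temp\kdrv.sys|Hashes=SHA256={'22' * 32}|Signed=false|Signature=|SignatureStatus=Unavailable",
]


def parse_event(line):
    """Parse a pipe-separated key=value record; extract the SHA256 from Hashes."""
    fields = {}
    for part in line.split("|"):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    match = re.search(r"SHA256=([0-9a-fA-F]{64})", fields.get("Hashes", ""))
    fields["sha256"] = match.group(1).lower() if match else ""
    return fields


def assess_driver_load(event):
    """Return the list of reasons a driver load is suspicious (empty if none)."""
    reasons = []
    image = event.get("ImageLoaded", "")
    name = PureWindowsPath(image).name.lower()

    # Blocklist checks catch the BYOVD case even though the signature is valid.
    if event.get("sha256") in KNOWN_VULNERABLE_DRIVER_SHA256:
        reasons.append("known-vulnerable-driver-hash")
    if name in KNOWN_VULNERABLE_DRIVER_NAMES:
        reasons.append("known-vulnerable-driver-name")

    # Context check: drivers staged in user-writable directories are unusual.
    if any(p.search(image) for p in USER_WRITABLE_PATTERNS):
        reasons.append("driver-loaded-from-user-writable-path")

    # Signature check still matters for crude loaders, but is not sufficient.
    if event.get("Signed", "").lower() != "true" or event.get("SignatureStatus") != "Valid":
        reasons.append("invalid-or-missing-signature")
    return reasons


def triage_driver_loads(lines):
    """Run every record through the checks and keep only the flagged ones."""
    findings = []
    for line in lines:
        event = parse_event(line)
        reasons = assess_driver_load(event)
        if reasons:
            findings.append({
                "time": event.get("UtcTime"),
                "image": event.get("ImageLoaded"),
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for finding in triage_driver_loads(SAMPLE_EVENTS):
        print(finding["time"], finding["image"], ", ".join(finding["reasons"]))
```

The benign System32 load produces no findings, the ProgramData driver is flagged by hash, name and path despite its valid signature, and the Temp driver is flagged by path and signature. Hash-based blocklisting is brittle against recompiled or re-signed variants, so the path and name heuristics are kept alongside it rather than replaced by it.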

ESET researchers discovered instances where a single threat actor possessed multiple EDRKillShifter variants linked to various ransomware groups including BianLian, RansomHub, Medusa, and Play, indicating skilled affiliates simultaneously working across multiple ransomware operations.

This cross-pollination of advanced tools across different ransomware ecosystems represents a significant escalation in the collaborative capabilities of the ransomware underworld.

The identification of these relationships between seemingly separate ransomware operations demonstrates how the boundaries between competing criminal enterprises have become increasingly porous, creating a more formidable collective threat to organizational security worldwide.


The post Threat Actors Increasingly Utilize Ransomware as a Service Boosted by EDR Killers appeared first on Cyber Security News.