Recent research has uncovered links between associates of RansomHub and other ransomware groups such as Medusa, BianLian, and Play. According to ESET, the links were established through a custom tool built to disable endpoint detection and response (EDR) software on compromised systems. Known as EDRKillShifter, this EDR-killing tool was initially observed in use by operators associated with RansomHub
Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.