
Qilin and Warlock Ransomware Exploit Vulnerable Drivers to Compromise EDR Tools

Severity: High (Score: 69.6)

Sources: Thehackernews

Summary

Qilin and Warlock ransomware variants have been identified exploiting vulnerable drivers to disable over 300 endpoint detection and response (EDR) tools. This exploitation allows the ransomware to evade detection and significantly increases the risk of successful attacks on organizations. The vulnerabilities leveraged by these ransomware families are critical, impacting a wide range of systems and potentially affecting millions of users. Current investigations are ongoing to assess the full scope of the impact and to develop mitigation strategies. Organizations are urged to review their security measures and update their systems to protect against these threats. The situation remains fluid as cybersecurity teams work to respond to the evolving tactics employed by these ransomware groups.

Key Points

  • Qilin and Warlock ransomware disable over 300 EDR tools using vulnerable drivers.
  • The attack method allows evasion of detection, increasing the risk of successful ransomware attacks.
  • Organizations are advised to review and strengthen their security measures against these threats.

Key Entities

  • Ransomware (attack_type)
  • T1562 - Impair Defenses (mitre_attack)
  • Qilin (ransomware_group)
  • REvil (ransomware_group)
  • Warlock (ransomware_group)