Ransomware Tactics Evolve: EDR Killers Expand Beyond Vulnerable Drivers

Ransomware Tactics Evolve: EDR Killers Expand Beyond Vulnerable Drivers

First seen 19 Mar 2026, 15:14 UTC Feeds2.FeedburnerBetanewsWelivesecurityCybersecuritynewsSocprime+8 86% similarity 69.5

Article Content

Browse articles
ThreatCluster

Recent research from ESET reveals that ransomware attackers are increasingly using EDR killers to disable endpoint detection and response (EDR) systems before launching their encryptors. These tools have become standard in modern ransomware operations, with ESET tracking nearly 90 different EDR killers in active use. Attackers typically gain high privileges, deploy EDR killers to disrupt security software, and then execute the ransomware. The research highlights the growing complexity of these tools, which now include methods beyond the traditional Bring Your Own Vulnerable Driver (BYOVD) technique, such as script-based and driverless approaches. ESET emphasizes the need for organizations to enhance their defenses against these evolving tactics, as relying solely on blocking vulnerable drivers is insufficient. The study also notes that some EDR killers may exhibit traits of AI-assisted generation, complicating detection efforts. The findings underscore the necessity for a multi-faceted defense strategy against ransomware threats.

Key Points: • EDR killers are now standard tools in ransomware attacks, with nearly 90 variants tracked. • Attackers use EDR killers to disable security systems before launching ransomware encryptors. • New tactics include script-based and driverless approaches, complicating detection and defense.

ThreatCluster AI

Timeline

2026-03-19
ESET publishes research on EDR killers in ransomware operations.
Recent
Ransomware tactics evolve beyond BYOVD to include new EDR killer methods.

Community

Browse all →