Ransomware Gangs Exploit Drivers to Evade EDR Defenses
Cyber Threat Intelligence has flagged a concerning trend where both Qilin and Warlock ransomware strains are leveraging vulnerable drivers to bypass a significant number of Endpoint Detection and Response (EDR) tools. This tactic allows attackers to operate with greater stealth, potentially disabling critical security monitoring before deploying their malicious payloads.
The exploitation of these drivers is a sophisticated move, enabling the ransomware to gain kernel-level privileges. This level of access is powerful, as it allows the malware to manipulate or terminate the processes associated with over 300 different EDR solutions. By neutralizing these defenses, attackers create a much wider attack window, increasing the likelihood of successful encryption and data exfiltration.
What This Means For You
- Security teams should proactively hunt for and remediate vulnerable or outdated drivers on endpoints, as these represent a known and exploitable attack vector for disabling EDR solutions.
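One way to act on that recommendation, as an added example that is not part of the original article: a PowerShell inventory script that hashes every registered kernel driver, checks its Authenticode signature, matches it against a SHA-256 blocklist you supply, and reports whether HVCI is enforcing on the host. The blocklist file, the report path and the `Resolve-DriverPath` helper are this example's own assumptions.

```powershell
# Added example (not from the article): inventory registered kernel drivers, hash them,
# and flag any that match a defender-supplied SHA-256 blocklist or carry an invalid
# Authenticode signature. Run from an elevated PowerShell on the endpoint.
# ASSUMPTION: $BlocklistPath is a text file of SHA-256 hashes (one per line) that you
# populate from your vendor's or a public vulnerable-driver list; none are embedded here.
param(
    [string]$BlocklistPath = "$PSScriptRoot\vulnerable-driver-sha256.txt",
    [string]$ReportPath    = "$env:TEMP\driver-inventory.csv"
)
# Load the blocklist into a case-insensitive HashSet for O(1) lookups.
$blocklist = [System.Collections.Generic.HashSet[string]]::new([StringComparer]::OrdinalIgnoreCase)
if (Test-Path $BlocklistPath) {
    Get-Content $BlocklistPath | ForEach-Object { $_.Trim() } |
        Where-Object { $_ -match '^[0-9a-fA-F]{64}$' } |
        ForEach-Object { [void]$blocklist.Add($_) }
} else {
    Write-Warning "No blocklist at $BlocklistPath; only signature checks will be applied."
}
# Win32_SystemDriver reports paths in several forms; normalise them to drive-letter paths.
function Resolve-DriverPath([string]$p) {
    if (-not $p) { return $null }
    $p = $p -replace '^\\\?\?\\', ''                    # \??\C:\...
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot    # \SystemRoot\System32\...
    if ($p -match '^system32\\') { $p = Join-Path $env:SystemRoot $p }  # bare relative form
    return $p
}
$inventory = foreach ($d in Get-CimInstance -ClassName Win32_SystemDriver) {
    $path = Resolve-DriverPath $d.PathName
    if (-not $path -or -not (Test-Path -LiteralPath $path)) { continue }
    $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    $sig  = Get-AuthenticodeSignature -LiteralPath $path
    [pscustomobject]@{
        Name        = $d.Name
        State       = $d.State      # a 'Running' driver is one an attacker could use right now
        Path        = $path
        SHA256      = $hash
        SigStatus   = $sig.Status   # Valid / NotSigned / HashMismatch; catalog-signed inbox
                                    # drivers can show NotSigned, so treat that as "review"
        Signer      = $sig.SignerCertificate.Subject
        Blocklisted = $blocklist.Contains($hash)
    }
}
# HVCI blocks known-bad drivers at load time; value 2 in SecurityServicesRunning means it is on.
$dg = Get-CimInstance -Namespace root\Microsoft\Windows\DeviceGuard -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
$hvci = [bool]($dg.SecurityServicesRunning -contains 2)
$inventory | Export-Csv -Path $ReportPath -NoTypeInformation
$suspect = @($inventory | Where-Object { $_.Blocklisted -or $_.SigStatus -ne 'Valid' })
"$($inventory.Count) drivers inventoried, $($suspect.Count) flagged, HVCI running: $hvci; report: $ReportPath"
$suspect | Format-Table Name, State, SigStatus, Blocklisted, Path -AutoSize
```

A blocklist hit on a driver in the `Running` state is the finding to escalate first; a `NotSigned` result alone warrants a look at the file's origin rather than an immediate alert, because catalog-signed inbox drivers can report that status.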