TechNadu

DeadLock ransomware now uses a new BYOVD loader exploiting Baidu driver CVE-2024-51324 to terminate EDR processes at the kernel level. Pre-encryption PowerShell scripting disables defenses and wipes shadow copies before deploying custom time-based encryption.
https://www.technadu.com/deadlock-ransomware-uses-new-byovd-loader-exploiting-driver-vulnerability-to-disable-edr/615498/

#Cybersecurity #Ransomware #BYOVD #DeadLock #EDR #ThreatIntel

Dec 10 at 2:07pmWeb