BlackByte hijacks EDR solutions with “Bring Your Own Driver” principle
The security specialists from Sophos uncovered a new scam by the relatively young ransomware gang BlackByte. These use the "Bring Your Own Driver" principle to bypass more than 1.000 drivers used in Endpoint Detection and Response (EDR) solutions industry-wide. Sophos describes the attack tactics, techniques and procedures (TTPs) in the new report “Remove all the Callbacks – BlackByte Ransomware Disables EDR via RTCore64.sys Abuse”. BlackByte, which was named as a threat to critical infrastructure in a special report by the Secret Service and FBI earlier this year, surfaced in May after a brief hiatus...