Attacks with the malicious ABYSSWORKER driver have been launched by the Medusa ransomware-as-a-service operation to facilitate the distribution of the HeartCrypt packer-as-a-service while circumventing anti-malware tools, according to The Hacker News.
Deployment of the legitimate CrowdStrike Falcon driver-spoofing ABYSSWORKER facilitates the execution of several I/O codes that disrupt endpoint detection and response systems, a report from Elastic Security Labs showed. "These handlers cover a wide range of operations, from file manipulation to process and driver termination, providing a comprehensive toolset that can be used to terminate or permanently disable EDR systems," said Elastic Security researchers. Such findings come after the RansomHub ransomware gang, also known as Cyclops and Greenbottle, had one of its affiliates reported by Symantec to have leveraged the new sophisticated Betruger backdoor in its attacks. "The functionality of Betruger indicates that it may have been developed in order to minimize the number of new tools dropped on a targeted network while a ransomware attack is being prepared," said Symantec researchers.
Deployment of the legitimate CrowdStrike Falcon driver-spoofing ABYSSWORKER facilitates the execution of several I/O codes that disrupt endpoint detection and response systems, a report from Elastic Security Labs showed. "These handlers cover a wide range of operations, from file manipulation to process and driver termination, providing a comprehensive toolset that can be used to terminate or permanently disable EDR systems," said Elastic Security researchers. Such findings come after the RansomHub ransomware gang, also known as Cyclops and Greenbottle, had one of its affiliates reported by Symantec to have leveraged the new sophisticated Betruger backdoor in its attacks. "The functionality of Betruger indicates that it may have been developed in order to minimize the number of new tools dropped on a targeted network while a ransomware attack is being prepared," said Symantec researchers.
