Babuk Locker
Hackers now use Velociraptor DFIR tool in ransomware attacks
Threat actors have started to use the Velociraptor digital forensics and incident response (DFIR) tool in attacks that deploy LockBit and Babuk ransomware. Cisco Talos researchers assess with medium confidence that the attacker behind the campaigns is a China-based adversary tracked as Storm-2603. Velociraptor is an open-source DFIR tool created by Mike Cohen. The project has been […]
New “Bring Your Own Installer” EDR bypass used in ransomware attack
A new “Bring Your Own Installer” EDR bypass technique is being used in attacks to defeat SentinelOne’s tamper protection feature, allowing threat actors to disable the endpoint detection and response (EDR) agent and install the Babuk ransomware. The technique exploits a gap in the agent upgrade process that allows the threat actors to terminate the running EDR agent, leaving […]
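Both teasers above describe behaviour a defender can hunt for in process telemetry: a legitimate DFIR tool (Velociraptor) launched from a location where the organization never deployed it, and an EDR agent process that stops while a vendor installer is running and never comes back. The following is an added example written for this page, not code from either article, from Cisco Talos, or from SentinelOne; the Sysmon-style log lines, the pipe-delimited format, the agent process name `SentinelAgent.exe`, the installer match on `msiexec.exe` with a package name containing "sentinel", the sanctioned Velociraptor path, and the 120-second restart window are all constructed assumptions for the demonstration.

```python
"""Hunt rules over constructed process start/stop events (example, not from the articles)."""
from dataclasses import dataclass
from typing import List, Tuple

# Assumptions for this example: EDR agent process name, the installer hint to match
# in msiexec command lines, and the one path where Velociraptor is sanctioned to run.
EDR_AGENT_IMAGE = "sentinelagent.exe"
EDR_INSTALLER_HINT = "sentinel"
VELOCIRAPTOR_ALLOWED = {r"c:\program files\velociraptor\velociraptor.exe"}  # hypothetical


@dataclass
class ProcEvent:
    ts: float        # seconds (constructed timestamps)
    event: str       # "start" or "stop"
    image: str       # full executable path, lower-cased on parse
    cmdline: str = ""


def parse_events(lines: List[str]) -> List[ProcEvent]:
    """Parse constructed 'ts|event|image|cmdline' lines; cmdline is optional."""
    events = []
    for line in lines:
        ts, event, image, *rest = line.split("|")
        events.append(ProcEvent(float(ts), event, image.lower(), rest[0] if rest else ""))
    return events


def find_unsanctioned_velociraptor(events: List[ProcEvent]) -> List[ProcEvent]:
    """Velociraptor started from any path other than the sanctioned deployment path."""
    return [
        e for e in events
        if e.event == "start"
        and e.image.endswith("velociraptor.exe")
        and e.image not in VELOCIRAPTOR_ALLOWED
    ]


def find_installer_edr_gap(events: List[ProcEvent], restart_window: float = 120.0) -> List[Tuple[float, float]]:
    """Flag (installer_ts, agent_stop_ts) when an EDR installer run is followed by the
    agent process stopping and not starting again within restart_window seconds.
    A normal upgrade also stops the agent, but the new agent starts shortly after;
    the abuse case described above is the stop with no restart."""
    alerts = []
    installers = [
        e for e in events
        if e.event == "start" and e.image.endswith("msiexec.exe")
        and EDR_INSTALLER_HINT in e.cmdline.lower()
    ]
    for inst in installers:
        stops = [e for e in events
                 if e.event == "stop" and e.image.endswith(EDR_AGENT_IMAGE) and e.ts >= inst.ts]
        for stop in stops:
            restarted = any(
                e.event == "start" and e.image.endswith(EDR_AGENT_IMAGE)
                and stop.ts < e.ts <= stop.ts + restart_window
                for e in events
            )
            if not restarted:
                alerts.append((inst.ts, stop.ts))
    return alerts


# Constructed sample telemetry: an installer run after which the agent never returns,
# then Velociraptor launched from a public folder and, later, from the sanctioned path.
SAMPLE_LOG = [
    r"1000|start|C:\Windows\System32\msiexec.exe|msiexec.exe /i C:\Temp\SentinelInstaller.msi /q",
    r"1005|stop|C:\Program Files\SentinelOne\SentinelAgent.exe|",
    r"1006|stop|C:\Windows\System32\msiexec.exe|",
    r"1300|start|C:\Users\Public\velociraptor.exe|velociraptor.exe service install",
    r"1400|start|C:\Program Files\Velociraptor\velociraptor.exe|velociraptor.exe service run",
]

if __name__ == "__main__":
    evts = parse_events(SAMPLE_LOG)
    print("EDR gap alerts:", find_installer_edr_gap(evts))
    print("Unsanctioned Velociraptor:", [e.image for e in find_unsanctioned_velociraptor(evts)])
```

Tune the restart window to how long a real agent upgrade takes in your environment, and treat the Velociraptor allowlist as a placeholder for whatever your deployment inventory says; a stop-without-restart during an installer run is a hunt lead to confirm against the EDR console, not proof of tampering on its own.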
