BYOVD Enables 54 EDR Killers to Undermine Defenses Ahead of Ransomware

TL;DR Summary
An ESET study finds that 54 EDR killer tools abuse Bring-Your-Own-Vulnerable-Driver (BYOVD) tactics across 34 signed drivers to gain kernel privileges, disable security tools, and pave the way for ransomware encryptors. The actors behind them range from closed ransomware groups and PoC tweakers to underground marketplace vendors, and some variants use scripting or driverless approaches. The report emphasizes the need for layered defenses and tighter monitoring of driver loading to disrupt attacks at multiple stages.
- 54 EDR Killers Use BYOVD to Exploit 34 Signed Vulnerable Drivers and Disable Security (The Hacker News)
- EDR killers explained: Beyond the drivers (WeLiveSecurity)
- ESET Research: A deep dive into EDR killers - a cornerstone of modern ransomware operations (The Spec)
- EDR killers are now standard equipment in ransomware attacks (Help Net Security)
- EDR killers -- the key to ransomware operations (BetaNews)