BYOVD Enables 54 EDR Killers to Undermine Defenses Ahead of Ransomware
An ESET study finds 54 EDR killer tools abuse Bring-Your-Own-Vulnerable-Driver (BYOVD) tactics across 34 signed drivers to gain kernel privileges, disable security tools, and pave the way for ransomware encryptors; actors range from closed ransomware groups and PoC tweakers to underground marketplace vendors, with some variants using scripting or driverless approaches. The report emphasizes the need for layered defenses and tighter monitoring of driver loading to disrupt attacks at multiple stages.