
New Malware Capable of Completely Disabling Your Antivirus
One of the most common cybersecurity recommendations is to keep your antivirus protection up to date. However, a dangerous new malware, EDRKillShifter, is capable of disabling antivirus software, leaving businesses vulnerable to cyberattacks.
What You Need to Know About EDRKillShifter
Recently discovered by Sophos security researchers, EDRKillShifter appears to be linked to the RansomHub ransomware group. However, other cybercrime organizations are exploiting this malware, indicating that it may be available for sale on the dark web.
EDRKillShifter’s primary function is to disable endpoint detection and response (EDR) software on your device. It achieves this by installing legitimate but vulnerable drivers and exploiting their weaknesses, a technique known as bring your own vulnerable driver (BYOVD). From there, the malware can deliver various payloads, such as ransomware encryptors, while gaining access to sensitive networks via privilege escalation.
Protecting Your Business From This Threat
While endpoint protection and antivirus software remain essential, it’s important to go beyond the basics to defend your business from this new type of malware.
1. Keep Your System Updated
Regularly installing software and hardware updates is crucial to closing loopholes that cybercriminals can exploit. For example, Microsoft is now decertifying signed drivers with known abuse histories. Keeping your system updated helps protect against driver exploitation.
2. Separate Administrator and User Privileges
One key element of EDRKillShifter is that it requires administrator permissions to function. If hackers gain administrator control, they can install the vulnerable drivers the malware relies on. Limiting who has administrator access to critical areas of your network makes it more difficult for attackers to escalate privileges.
3. Enable Tamper Protection
Securing your endpoints is vital to preventing malware from disabling your antivirus software. Enabling tamper protection on your EDR tools helps prevent hackers from making unauthorized changes to your security settings.
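A read-only check of the three mitigations above on a single Windows host, as an added example that is not part of the original article. It assumes Microsoft Defender is the endpoint product (other EDR tools report tamper protection in their own consoles), and the function names are illustrative.

```powershell
# Added example: read-only audit of the three mitigations on the local Windows host.
# Assumes Microsoft Defender is the endpoint product; run from an elevated prompt.

function Get-DriverBlocklistState {
    # Microsoft vulnerable driver blocklist switch (assumed registry location).
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config'
    $prop = Get-ItemProperty -Path $key -Name 'VulnerableDriverBlocklistEnable' -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return 'NotConfigured' }
    if ($prop.VulnerableDriverBlocklistEnable -eq 1) { return 'Enabled' }
    return 'Disabled'
}

function Get-TamperProtectionState {
    try {
        if ((Get-MpComputerStatus -ErrorAction Stop).IsTamperProtected) { return 'Enabled' }
        return 'Disabled'
    } catch {
        return 'Unknown'   # Defender cmdlets missing or another product is in use
    }
}

function Get-LocalAdministrators {
    # S-1-5-32-544 is the built-in Administrators group regardless of locale.
    try {
        Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop |
            Select-Object -ExpandProperty Name
    } catch {
        Write-Warning "Could not enumerate Administrators: $($_.Exception.Message)"
        @()
    }
}

function Get-DaysSinceLastHotfix {
    # Hotfix entries without an install date are skipped.
    $latest = Get-HotFix | Where-Object { $_.InstalledOn } |
        Sort-Object -Property InstalledOn -Descending | Select-Object -First 1
    if ($null -eq $latest) { return $null }
    return [int]((Get-Date) - $latest.InstalledOn).TotalDays
}

# One summary object per host, suitable for Export-Csv or remote collection.
$admins = @(Get-LocalAdministrators)
[pscustomobject]@{
    ComputerName        = $env:COMPUTERNAME
    DaysSinceLastHotfix = Get-DaysSinceLastHotfix
    DriverBlocklist     = Get-DriverBlocklistState
    TamperProtection    = Get-TamperProtectionState
    LocalAdminCount     = $admins.Count
    LocalAdmins         = $admins -join '; '
}
```

A host that reports a disabled driver blocklist, disabled tamper protection, or day-to-day user accounts in the Administrators group is missing one of the controls described above.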
Continue Practicing Basic Cyber Hygiene
While advanced malware like EDRKillShifter poses a significant threat, basic cyber hygiene practices remain essential to protecting your company.
Some key tactics to consider include:
- Implementing encryption for endpoints, email, and disks.
- Developing clear policies on device usage, ensuring that only secure devices can access the network.
- Proactively setting up web security protocols to filter out dangerous websites.
- Educating employees about the latest phishing attacks and social engineering techniques.
Conclusion
Ransomware continues to be a pressing cybersecurity threat for businesses, and this new malware capable of disabling antivirus protection adds to the arsenal of tools that cybercriminals use. Staying vigilant, using advanced protection tools, and maintaining strong cyber hygiene are essential to defending your business from evolving threats.