{"id":162795,"date":"2023-04-25T06:22:38","date_gmt":"2023-04-25T11:22:38","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2023\/04\/ransomware-hackers-using-aukill-tool-to-disable-edr-software-using-byovd-attack"},"modified":"2023-04-25T06:22:38","modified_gmt":"2023-04-25T11:22:38","slug":"ransomware-hackers-using-aukill-tool-to-disable-edr-software-using-byovd-attack","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2023\/04\/ransomware-hackers-using-aukill-tool-to-disable-edr-software-using-byovd-attack","title":{"rendered":"Ransomware Hackers Using AuKill Tool to Disable EDR Software Using BYOVD Attack"},"content":{"rendered":"

<\/a><\/p>\n

Play ransomware is notable for not only utilizing intermittent encryption<\/a> to speed up the process, but also for the fact that it\u2019s not operated on a ransomware-as-a-service (RaaS) model. Evidence gathered so far points to Balloonfly carrying out the ransomware attacks as well as developing the malware themselves.<\/p>\n

Grixba and VSS Copying Tool are the latest in a long list of proprietary tools such as Exmatter<\/a>, Exbyte<\/a>, and PowerShell-based scripts<\/a> that are used by ransomware actors to establish more control over their operations, while also adding extra layers of complexity to persist in compromised environments and evade detection.<\/p>\n

Another technique increasingly adopted by financially-motivated groups is the use of the Go programming language to develop cross-platform malware<\/a> and resist analysis<\/a> and reverse engineering<\/a> efforts.<\/p>\n","protected":false},"excerpt":{"rendered":"

Play ransomware is notable for not only utilizing intermittent encryption to speed up the process, but also for the fact that it\u2019s not operated on a ransomware-as-a-service (RaaS) model. Evidence gathered so far points to Balloonfly carrying out the ransomware attacks as well as developing the malware themselves. Grixba and VSS Copying Tool are the [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34,1625,38],"tags":[],"class_list":["post-162795","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode","category-encryption","category-engineering"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/162795","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=162795"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/162795\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=162795"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=162795"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=162795"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}