The Digital Source For China's Tech Innovation Since 2000

Medusa ransomware is able to disable anti-malware tools, so be on your guard

March 25, 2025

Source:

News Snapshot:

Researchers spot Medusa ransomware operators deploying smuol.sys This driver mimics a legitimate CrowdStrike Falcon driver Medusa is actively targeting critical infrastructure organizations Operators of the Medusa ransomware are engaging in old-fashioned bring-your-own-vulnerable-driver (BYOD) attacks, bypassing endpoint protection, detection and response (EDR) tools while installing the encryptor. Cybersecurity researchers Elastic Security Labs noted the attacks start as the threat actors drop an unnamed loader, which deploys two things on the target endpoint: the vulnerable driver, and the encryptor. The driver in question is smuol.sys, and it mimics a legitimate CrowdStrike Falcon driver named CSAgent.sys. It was also said to have been...

Go To Original Source →

The Digital Source For China's Tech Innovation Since 2000

Medusa ransomware is able to disable anti-malware tools, so be on your guard

Other Related News:

Meet these two new ASX ETFs

Samsung Galaxy Z Fold 7 vs. Google Pixel 9 Pro Fold: How will the top Android foldables compare?

Stock market slumps as Trump renews criticism of Federal Reserve Chair Jerome Powell

DroneShield shares jump on record-breaking quarter

Politics Insider: Conservative candidate targeted by election interference from China, watchdog says

How to choose a US focused ASX ETF for the current market environment

'Repression' operation targets Conservative candidate