Can’t wait till we see you in..
LockBit Ransomware Silently Disables all EDR
During a recent incident response investigation of a LockBit ransomware attack, the Sangfor Cyber Guardian IR Team discovered LockBit used TDSSKiller from Kaspersky to terminate EDR agents to evade detection and deploy the ransomware. TDSSKiller is a legitimate tool developed by Kaspersky to detect and remove rootkits. However, our investigation reveals that it can be abused to kill endpoint security software, including Microsoft Defender. This webinar will demonstrate how LockBit disables EDR and what You need to do to protect against this threat.
Speaker: Desmond Ngu
Desmond is the Security Services Consultant for Sangfor International Market Department. Before joining Sangfor, he has worked in a top advisory firm which focuses on cyber security assessments from the offensive to defensive approach in managing cyber risks.