New RansomHub Attack Destroys Kaspersky’s TDSSKiller to Cripple EDR Defenses

RansomHub has employed a novel attack method, using TDSSKiller to disable EDR systems and LaZagne to steal credentials. This is a new tactic for RansomHub, not previously documented by CISA. The attack begins with network reconnaissance through admin group enumeration, followed by deployment of the tools. The attackers used TDSSKiller, a legitimate rootkit removal tool, to disable security services …