LockBit Ransomware Silently Disables all EDR

Logo
Presented by

Desmond Ngu - Cybersecurity Consultant

About this talk

During a recent incident response investigation of a LockBit ransomware attack, the Sangfor Cyber Guardian IR Team discovered LockBit used TDSSKiller from Kaspersky to terminate EDR agents to evade detection and deploy the ransomware. TDSSKiller is a legitimate tool developed by Kaspersky to detect and remove rootkits. However, our investigation reveals that it can be abused to kill endpoint security software, including Microsoft Defender. This webinar will demonstrate how LockBit disables EDR and what You need to do to protect against this threat.
Related topics:

More from this channel

Upcoming talks (0)
On-demand talks (214)
Subscribers (13168)
Sangfor Technologies is a leading vendor of Network Security, Cloud Computing and Infrastructure solutions. Our Webinar Series are designed to educate current & new customers about the Latest Trends in Cyber Security & Cloud Computing. Stay tuned for more information about our upcoming webinars by visiting our website at www.sangfor.com.