The cybercrime-focused enterprise known as FIN7 (aka the Carbanak group) has come up with yet another trick to ensure the effectiveness of its “EDR killer” tool, dubbed AvNeutralizer (also known as AuKill) by researchers. By loading Windows’ built-in Time Travel Debugging (TTD) monitor driver, ProcLaunchMon.sys, in conjunction with updated, Windows-trusted versions of the Process Explorer driver (procexp), the tool is able to effectively DoS some specific implementations of protected processes, knocking out the security products that rely on them. “This updated version has been used in ransomware intrusions …”
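The pairing described above gives defenders a concrete thing to look for in driver-load telemetry: the TTD monitor driver and a Process Explorer driver loading on the same host close together in time. The script below is an added detection sketch, not code from the article, from FIN7's tooling or from the researchers who analysed AvNeutralizer. It parses a few constructed driver-load events in a made-up key=value line format (roughly the fields a Sysmon Event ID 6 record carries), correlates the two driver names per host within a time window, and notes as a secondary signal whether the Process Explorer driver was loaded from somewhere other than the system driver directory. Only `ProcLaunchMon.sys` is named on the page; the Process Explorer driver file names `PROCEXP152.SYS`/`procexp.sys`, the log format and the ten-minute window are assumptions.

```python
"""
Detection sketch for the driver pairing the article describes: the Windows
TTD monitor driver (ProcLaunchMon.sys) loading close in time to a Process
Explorer driver on the same host.  Added example; not code from the article,
from FIN7's tooling, or from the researchers who named AvNeutralizer.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Driver file names to correlate.  ProcLaunchMon.sys is named in the article;
# the Process Explorer driver names are assumed (the article only says "procexp").
TTD_MONITOR = "proclaunchmon.sys"
PROCEXP_DRIVERS = {"procexp152.sys", "procexp.sys"}
NORMAL_DRIVER_DIR = "\\windows\\system32\\drivers"

# Constructed sample driver-load events in a made-up key=value line format
# (roughly the fields a Sysmon Event ID 6 record carries).  Not real telemetry.
SAMPLE_LINES = [
    r'2024-07-18T09:12:03Z host=WS01 image=C:\Windows\System32\drivers\ProcLaunchMon.sys signer="Microsoft Windows"',
    r'2024-07-18T09:12:05Z host=WS01 image=C:\Users\Public\PROCEXP152.SYS signer="Microsoft Windows Hardware Compatibility Publisher"',
    r'2024-07-18T10:40:00Z host=DEV07 image=C:\Windows\System32\drivers\ProcLaunchMon.sys signer="Microsoft Windows"',
    r'2024-07-18T11:02:44Z host=DEV07 image=C:\Windows\System32\drivers\PROCEXP152.SYS signer="Microsoft Windows Hardware Compatibility Publisher"',
    r'2024-07-18T12:00:00Z host=FS02 image=C:\Windows\System32\drivers\PROCEXP152.SYS signer="Microsoft Windows Hardware Compatibility Publisher"',
]


@dataclass(frozen=True)
class DriverLoad:
    ts: datetime
    host: str
    image: str   # full path of the loaded driver image
    signer: str  # signer reported by the load event


_KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_line(line: str) -> DriverLoad:
    """Parse one constructed key=value event line into a DriverLoad."""
    ts_text, rest = line.split(" ", 1)
    fields = {key: quoted or bare for key, quoted, bare in _KV.findall(rest)}
    return DriverLoad(
        ts=datetime.strptime(ts_text, "%Y-%m-%dT%H:%M:%SZ"),
        host=fields["host"],
        image=fields["image"],
        signer=fields.get("signer", ""),
    )


def _split_path(path: str) -> Tuple[str, str]:
    """Return (lower-cased directory, lower-cased file name) of a Windows path."""
    norm = path.replace("/", "\\").lower()
    head, _, name = norm.rpartition("\\")
    return head, name


def find_driver_pairings(events: List[DriverLoad],
                         window: timedelta = timedelta(minutes=10)) -> List[Dict]:
    """One alert per (TTD monitor load, Process Explorer driver load) pair on
    the same host within `window` of each other, in either order."""
    by_host: Dict[str, List[DriverLoad]] = defaultdict(list)
    for ev in events:
        by_host[ev.host].append(ev)
    alerts: List[Dict] = []
    for host, evs in sorted(by_host.items()):
        ttd_loads = [e for e in evs if _split_path(e.image)[1] == TTD_MONITOR]
        pe_loads = [e for e in evs if _split_path(e.image)[1] in PROCEXP_DRIVERS]
        for ttd in ttd_loads:
            for pe in pe_loads:
                if abs(ttd.ts - pe.ts) <= window:
                    pe_dir = _split_path(pe.image)[0]
                    alerts.append({
                        "host": host,
                        "ttd_load": ttd,
                        "procexp_load": pe,
                        "seconds_apart": abs((ttd.ts - pe.ts).total_seconds()),
                        # Secondary signal only: Process Explorer itself drops its
                        # driver under System32\drivers, so a copy elsewhere is
                        # worth noting but is not the detection on its own.
                        "procexp_outside_driver_dir": not pe_dir.endswith(NORMAL_DRIVER_DIR),
                    })
    return alerts


def run_sample() -> List[Dict]:
    """Run the correlation over the constructed sample events."""
    return find_driver_pairings([parse_line(line) for line in SAMPLE_LINES])


if __name__ == "__main__":
    for a in run_sample():
        print(f"{a['host']}: {a['procexp_load'].image} loaded {a['seconds_apart']:.0f}s "
              f"from {a['ttd_load'].image} "
              f"(outside driver dir: {a['procexp_outside_driver_dir']})")
```

On the sample data only WS01 fires: DEV07 loads both drivers but more than ten minutes apart, which is what a developer running a TTD session and later opening Process Explorer looks like, and FS02 loads only the Process Explorer driver. Both drivers are legitimately signed, so signature checks alone will not separate this from normal use; the correlation, the time window and an allow-list of hosts where TTD debugging is expected are what keep the rule quiet in practice.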

The post FIN7 sells improved EDR killer tool appeared first on Help Net Security.