Crypto24 ransomware hits large orgs with custom EDR evasion tool



What’s new: The Crypto24 ransomware group has developed custom tools to evade endpoint detection and response (EDR) solutions, targeting large organizations across the finance, manufacturing, entertainment, and tech sectors. Their tactics include activating administrative accounts, creating malicious services, and using a modified version of the open-source tool RealBlindingEDR to disable security software from multiple vendors. They exfiltrate data to Google Drive and execute ransomware after deleting volume shadow copies to hinder recovery.

Who’s affected

Large organizations in the United States, Europe, and Asia, particularly in high-value sectors such as finance, manufacturing, entertainment, and technology.

What to do

  • Review and enhance endpoint security measures to detect and block the tools used by Crypto24.
  • Monitor for unusual account activity and unauthorized administrative access on systems.
  • Implement strict controls on the use of administrative privileges and regularly audit user accounts.
  • Ensure regular backups are maintained and test recovery procedures to mitigate ransomware impact.
  • Utilize the provided indicators of compromise (IOCs) to identify potential Crypto24 activity within your network.
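The monitoring items above map onto a few standard Windows audit events: an account being enabled (Security event 4722), a member being added to a privileged group (4728/4732), a new service being installed (System event 7045), and process creation (4688) with a command line that deletes volume shadow copies. The following triage script is an added example written for this summary; it is not a tool from the article or from Trend Micro's report. The pipe-delimited record format and the sample log lines are constructed for illustration, the "trusted" service directories and the escalation threshold are assumptions a defender would tune to their own environment, and only the event IDs themselves are standard Windows identifiers.

```python
"""Triage helper: flag event records matching the pre-encryption steps the
advisory describes (account activation, malicious service creation, shadow
copy deletion). Added example; record format and sample data are constructed."""
import re
from dataclasses import dataclass

# Constructed sample records in the form "<EventID>|key=value|key=value".
# Real input would be an export from the Security/System logs or a SIEM.
SAMPLE_EVENTS = [
    "4722|Account=svc_backup|Subject=WORKSTATION01$",
    "4728|Member=svc_backup|Group=Domain Admins|Subject=jdoe",
    "7045|ServiceName=WinSvcUpdate|ImagePath=C:\\Users\\Public\\svchelper.exe|Account=LocalSystem",
    "4688|NewProcess=C:\\Windows\\System32\\vssadmin.exe|CommandLine=vssadmin delete shadows /all /quiet",
    "4688|NewProcess=C:\\Windows\\System32\\notepad.exe|CommandLine=notepad.exe",
    "7045|ServiceName=Spooler|ImagePath=C:\\Windows\\System32\\spoolsv.exe|Account=LocalSystem",
]

# Assumption: groups whose membership changes always deserve review.
PRIVILEGED_GROUPS = {"domain admins", "administrators", "enterprise admins"}
# Assumption: services installed from outside these directories are suspicious.
TRUSTED_SERVICE_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
# Command lines that destroy recovery points (shadow copies or the backup catalog).
SHADOW_DELETE = re.compile(
    r"vssadmin(\.exe)?\s+delete\s+shadows"
    r"|wmic(\.exe)?\s+shadowcopy\s+delete"
    r"|wbadmin(\.exe)?\s+delete\s+catalog",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Finding:
    event_id: int
    rule: str
    detail: str


def parse_event(line):
    """Split '<EventID>|k=v|k=v' into (event_id, {k: v})."""
    head, *pairs = line.strip().split("|")
    fields = {}
    for pair in pairs:
        key, _, value = pair.partition("=")
        fields[key] = value
    return int(head), fields


def evaluate(event_id, f):
    """Apply one detection rule per event type; return a Finding or None."""
    if event_id == 4722:  # account enabled (often a dormant admin account)
        return Finding(event_id, "account_enabled", f.get("Account", "?"))
    if event_id in (4728, 4732) and f.get("Group", "").lower() in PRIVILEGED_GROUPS:
        return Finding(event_id, "privileged_group_add",
                       f"{f.get('Member')} -> {f.get('Group')}")
    if event_id == 7045:  # new service installed
        path = f.get("ImagePath", "").lower()
        if not path.startswith(TRUSTED_SERVICE_DIRS):
            return Finding(event_id, "service_untrusted_path",
                           f"{f.get('ServiceName')} @ {f.get('ImagePath')}")
    if event_id == 4688 and SHADOW_DELETE.search(f.get("CommandLine", "")):
        return Finding(event_id, "shadow_copy_deletion", f.get("CommandLine", ""))
    return None


def triage(lines):
    """Run every record through the rules and collect the hits in order."""
    findings = []
    for line in lines:
        if not line.strip():
            continue
        event_id, fields = parse_event(line)
        hit = evaluate(event_id, fields)
        if hit:
            findings.append(hit)
    return findings


def escalate(findings, threshold=3):
    """Several distinct rule families on one host look like a chain (account
    prep, persistence, recovery destruction) rather than isolated noise."""
    return len({f.rule for f in findings}) >= threshold


if __name__ == "__main__":
    hits = triage(SAMPLE_EVENTS)
    for h in hits:
        print(f"[{h.event_id}] {h.rule}: {h.detail}")
    print("escalate:", escalate(hits))
```

Each rule on its own produces alerts that a busy SOC may tune out; the point of `escalate` is that the advisory's steps form a sequence, so seeing three or more of the rule families together on the same host is what should open an incident rather than another ticket.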

Sources