
How to turn back time on ransomware

Security solutions including ransomware remediation bolster resiliency and business continuity.

Ransomware is a critical threat that can instantly encrypt and lock users out of business computers, halting essential work processes. According to IBM’s Cost of a Data Breach Report 2024, the average cost of a ransomware attack is a staggering $4.91 million, with expenses escalating if law enforcement is involved. Recovery can span days, months, or even years, depending on the threat actor’s persistence and the security team’s preparedness. For companies that face double extortion ransomware – where cybercriminals encrypt sensitive user data and also threaten to publish it on the dark web, sell it to the highest bidder, or restrict access if the ransom is unpaid – the timeline for recovery can be even longer.

This makes recovery and related expenditures not just problematic, but potentially devastating, often leaving businesses at the mercy of cybercriminals even after paying the initial ransom.

A critical landscape for businesses of all sizes

The rapidly evolving nature of ransomware, including the involvement of nation-state actors, has created an increasingly hostile threat landscape for small and medium-sized businesses (SMBs), enterprises, and state infrastructure. Ransomware now accounts for 23% of all breaches, with SMBs particularly vulnerable due to limited cybersecurity budgets. In the Asia-Pacific region, 1 in 4 attacks against SMBs were ransomware-related, according to ESET. The urgency to bolster defenses has never been greater, as the frequency and sophistication of these attacks continue to rise.

What is ESET Ransomware Remediation?

Minimizing business impact in the event of a ransomware attack is paramount. ESET Ransomware Remediation (RR) therefore combines prevention and remediation into one product, providing a multistage approach to combating ransomware encryption.

It all starts with the ESET Ransomware Shield (RS), which is triggered by suspicious actions. Like other behavioral detection systems, such as the ESET Host-based Intrusion Prevention System, it works in concert with ESET LiveSense technologies, dissecting and analyzing malware to its core. If ransomware is likely, RS flags it and initiates remediation.

ESET RR then creates a backup of every file the flagged process is about to modify, before the modification happens. It keeps doing so until RS reaches a verdict: if the process is judged benign, the backups are discarded; if it is judged malicious, RS kills the process and restores the affected files from the backups.

Ransomware Remediation is highly configurable. Adding or removing file types that need to be backed up can make a large difference.

This backup process is more robust than solutions built on Windows Volume Shadow Copy, because it is not a local service that attackers can abuse. RR keeps its backups in its own protected storage area on the drive, where the attacker cannot modify, corrupt, or delete them. This closes one of the most common failings of regular backups in a ransomware attack: the backups themselves being destroyed.

Days of future past

The admin's role in the RR process is to understand its capabilities and to add file types to the filter that RR applies when deciding which files to back up. The only limits on the backups are available disk space and a maximum size of 30 MB per file.
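To make the backup-and-rollback sequence and the admin-tuned file-type filter concrete, here is a small Python simulation added for this article. It is not ESET code: it models only the logic (a hook before each write, the extension filter, the 30 MB cap, and the two verdicts), the default extension set is an assumption, and the protected storage is represented by a plain directory rather than the product's protected area.

```python
"""Simulation of backup-before-modify and rollback (constructed example, not ESET code)."""
import shutil
import tempfile
from dataclasses import dataclass, field
from pathlib import Path

MAX_BACKUP_BYTES = 30 * 1024 * 1024                  # the article states a 30 MB per-file cap
DEFAULT_FILTER = {".docx", ".xlsx", ".pdf", ".jpg"}  # assumed default file-type filter


@dataclass
class RollbackGuard:
    """Keeps a pre-modification copy of each filtered file a flagged process touches.

    backup_root stands in for the product's protected storage area. In this
    simulation it is just a directory outside the process's working tree; the
    protection that stops an attacker reaching it is not modelled here.
    """
    backup_root: Path
    extensions: set = field(default_factory=lambda: set(DEFAULT_FILTER))
    backups: dict = field(default_factory=dict, init=False)   # original path -> copy
    skipped: list = field(default_factory=list, init=False)   # (path, reason)

    def before_write(self, target: Path) -> bool:
        """Hook run before the flagged process modifies `target`; True if a copy was kept."""
        target = Path(target)
        if target in self.backups:
            return True                      # keep the first, pre-modification copy
        if target.suffix.lower() not in self.extensions:
            self.skipped.append((target, "extension not in filter"))
            return False
        if not target.exists():
            self.skipped.append((target, "new file, nothing to preserve"))
            return False
        if target.stat().st_size > MAX_BACKUP_BYTES:
            self.skipped.append((target, "exceeds per-file cap"))
            return False
        copy = self.backup_root / f"{len(self.backups):06d}{target.suffix}"
        shutil.copy2(target, copy)
        self.backups[target] = copy
        return True

    def verdict_benign(self) -> int:
        """Process judged OK: discard the copies. Returns how many were discarded."""
        count = len(self.backups)
        for copy in self.backups.values():
            copy.unlink()
        self.backups.clear()
        return count

    def verdict_malicious(self) -> int:
        """Process judged malicious (and killed): restore the originals. Returns how many."""
        for original, copy in self.backups.items():
            shutil.copy2(copy, original)
            copy.unlink()
        count = len(self.backups)
        self.backups.clear()
        return count


def run_scenario(extensions=None, verdict="malicious") -> dict:
    """Constructed scenario: a flagged process overwrites three files, then a verdict is applied."""
    work = Path(tempfile.mkdtemp(prefix="victim_"))
    store = Path(tempfile.mkdtemp(prefix="protected_"))
    originals = {
        work / "report.docx": b"quarterly numbers",
        work / "photo.jpg": b"\xff\xd8 jpeg bytes",
        work / "notes.log": b"not in the default filter",
    }
    for path, data in originals.items():
        path.write_bytes(data)
    guard = RollbackGuard(store, set(extensions) if extensions else set(DEFAULT_FILTER))
    for path in originals:                   # every write goes through the hook first
        guard.before_write(path)
        path.write_bytes(b"OVERWRITTEN BY FLAGGED PROCESS")
    if verdict == "malicious":
        restored, discarded = guard.verdict_malicious(), 0
    else:
        restored, discarded = 0, guard.verdict_benign()
    result = {
        "restored": restored,
        "discarded": discarded,
        "intact": sorted(p.name for p, d in originals.items() if p.read_bytes() == d),
        "lost": sorted(p.name for p, d in originals.items() if p.read_bytes() != d),
        "store_empty": not any(store.iterdir()),
    }
    shutil.rmtree(work)
    shutil.rmtree(store)
    return result
```

Running the scenario with the default filter restores the two filtered files and loses notes.log; adding ".log" to the filter is what makes the third file recoverable, which is the point of the admin's role described above.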

While ESET Ransomware Remediation is very powerful, having other backups as described by the 3-2-1 rule is still a best practice. Always remember to have at least three different copies of data (including the original), two different media types (disk, tape), and one off-site copy (cloud).

All in all, ransomware can be quite sophisticated and troublesome, but it can still be combated. And thanks to secure backups, time travel is not so sci-fi anymore.

For more information on how ESET Ransomware Remediation works, please visit our webpage.

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across areas including cyber security, cloud, data protection, endpoints, infrastructure, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, points of sale, resellers, and partner companies, Version 2 offers quality products and services that are highly acclaimed in the market. Its customers cover a wide spectrum that includes Global 1000 enterprises, regional listed companies, various vertical industries, public utilities, government, a vast number of successful SMEs, and consumers in various Asian cities.

12 common BYOD security risks & how to mitigate each one

Summary: BYOD boosts flexibility but increases security risks like data leaks and malware. Enforce strong authentication, network segmentation, and endpoint security.

Bring-your-own-device programs have grown fast in recent years. A 2022 survey showed that over 60% of organizations allow personal devices for work tasks.

This trend highlights the many benefits of BYOD. Workers stay productive on mobile devices they already know. Companies reduce hardware expenses and expand remote work options.

Still, BYOD security issues are on the rise. Experts warn of data theft, malware infections, and other risks. These dangers of BYOD can disrupt operations and leak sensitive data. Security measures are essential when users connect BYOD devices to a company network.

Below, we look at 12 BYOD security risks and show how to mitigate them. We also share how NordLayer supports secure bring your own device initiatives with modern tools.

What does BYOD mean for modern security?

BYOD means employees use personal devices for work tasks. These devices might be smartphones, tablets, or laptops. Many companies find that this flexibility improves morale and cuts costs. Yet the convenience also brings security threats.

When people use their own hardware, administrators lose some control. Different operating systems and software versions complicate oversight.

Without a strong BYOD security policy, BYOD vulnerabilities grow. BYOD cybersecurity threats can include malicious apps, outdated software, and easy entry points for attackers. The result can be serious data loss or system disruptions.

Robust mobile device management is critical to avoid major BYOD attacks. IT teams must adopt device security tools, enforce security measures, and monitor network access. Without those steps, the risks of BYOD can quickly outweigh its benefits.

Main BYOD security risks and how to mitigate them

Effective BYOD security starts with understanding common risks employees face daily. Companies often overlook simple issues like weak passwords, making data breaches more likely. The following section covers these risks clearly and suggests easy-to-follow strategies for reducing threats. Implementing these steps strengthens your organization’s overall BYOD security.

1. Weak passwords

Weak credentials present a huge problem. Microsoft identified 44 million accounts using passwords leaked in prior breaches. Personal and corporate data become easy targets when employees reuse simple passphrases.

Solution: Enforcing strong password policies (length, complexity, non-reuse) and multi-factor authentication (MFA) dramatically lowers risk: according to one report, MFA can block over 99.9% of account compromise attacks.

Use MFA for all logins. Require complex passwords of at least 12 characters. Encourage passphrases instead of short strings and try to use cybersecurity tools with integrated password managers.

2. Unsecured Wi-Fi networks

Open hotspots let attackers spy on private sessions. BYOD users often connect to coffee shop or airport Wi-Fi. Security risks skyrocket when employees using public Wi-Fi handle sensitive data on unprotected networks.

Solution: Train staff to avoid connecting to unknown or open Wi-Fi without protection. Encrypt internet connections using a secure VPN. This protects personal devices and helps reduce BYOD threats and vulnerabilities tied to unsafe networks.

3. Outdated operating systems

Old software invites security threats. Many personal device owners skip updates or disable auto-patching. Attackers exploit these gaps to launch BYOD attacks that target known flaws.

Solution: Push frequent updates across all BYOD devices. Enable automatic installs for operating systems, apps, and drivers. An enterprise browser can offer centralized control. Also, NordLayer’s Device Posture Security helps ensure compliance by restricting network access for devices that miss patches. This prevents out-of-date systems from weakening the organization’s defenses.

4. Malicious apps

Employees install apps for fun, productivity, or convenience. Some mobile apps harbor hidden malware. These malicious apps can harvest corporate data or disrupt device security.

Solution: Use mobile device management tools to monitor installed apps. Block high-risk apps and encourage staff to download only from trusted sources. This helps reduce BYOD security risks by catching harmful software quickly.

5. Weak access controls

Weak role management grants users more privileges than they need. This raises the likelihood of accidental company data theft. If attackers seize one account, they may roam across systems containing sensitive data.

Solution: Adopt Zero-Trust principles. Segment company data and restrict resource access. Cloud firewalls allow granular permission control, which seals off critical assets. They help limit lateral movement and reduce the impact of compromised credentials.

6. Data leaks from personal storage

Workers often save company data on personal devices. Some even sync files to personal cloud storage without encryption. These habits expose BYOD security threats and heighten security concerns.

Solution: Enforce encryption of all work files stored on personal devices. Provide secure containers for personal and corporate data. Pair your cybersecurity tool with data loss prevention (DLP) software to protect data at rest and in transit. This step lowers the risk of data loss on unregulated storage sites.

7. Lost or stolen devices

Device theft is a growing concern. More than 70 million mobile devices are lost or stolen each year worldwide. This can lead to unauthorized access if the phone holds unencrypted work data.

The loss of a BYOD device can expose any data stored on it and provide a potential “way in” for attackers if the device isn’t secured. A famous example is the Lifespan Health System in the U.S., which was fined $1.04 million after an unencrypted stolen laptop led to a breach of over 20,000 patients’ data.

Solution: Activate remote wipe features and strong passcode locks. Mandate immediate reporting of missing devices to IT. Quick actions can prevent major company data loss in these scenarios.

8. Shadow IT

Shadow IT arises when employees use unapproved tools or services. This might include personal messaging apps or unknown file-sharing platforms. Such unregulated usage adds security issues with BYOD and creates hidden vulnerabilities.

Solution: Create a clear BYOD security policy that addresses software usage. Educate staff about the dangers of unvetted platforms. Using an enterprise browser can also help by blocking unknown tools. Early detection keeps shadow IT from spiraling into serious BYOD security threats.

9. Social engineering attacks

Phishing and other social tricks fool people into giving up login details. Attackers often send convincing emails or messages that seem legitimate. The presence of personal devices increases this risk, since users may mix personal and work data.

Solution: Train employees to verify messages and avoid clicking unknown links. Enable spam filters and real-time domain checks. NordLayer helps block known malicious domains to stop such attacks in their tracks. But ongoing user awareness remains essential for mitigating social engineering.

10. Lack of device monitoring

Some organizations fail to track what happens on personal devices. If suspicious activity goes unseen, it can lead to larger security issues with BYOD. Attackers thrive when no one notices unusual file transfers or logins.

Solution: Deploy monitoring tools that watch for anomalies. Review logs for off-hours data transfers and repeated login failures. Many tools offer centralized oversight across multiple endpoints. Quick alerts let IT teams respond before small issues become big incidents.
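The two checks named above (off-hours data transfers and repeated login failures) can be expressed as simple rules over device logs. The Python below is an added example, not NordLayer code; the log format, the business-hours window, and the size and failure thresholds are assumptions, and the log lines are constructed.

```python
"""Two anomaly checks over constructed endpoint logs (added example, not NordLayer code)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in an assumed "timestamp user device event key=value..." layout.
SAMPLE_LOG = """\
2024-03-04T09:12:01 alice phone-alice login_failure ip=203.0.113.5
2024-03-04T09:12:09 alice phone-alice login_failure ip=203.0.113.5
2024-03-04T09:12:15 alice phone-alice login_failure ip=203.0.113.5
2024-03-04T09:12:22 alice phone-alice login_failure ip=203.0.113.5
2024-03-04T09:12:30 alice phone-alice login_failure ip=203.0.113.5
2024-03-04T09:13:00 alice phone-alice login_success ip=203.0.113.5
2024-03-04T14:30:00 bob laptop-bob upload bytes=20000000 dest=files.example.internal
2024-03-05T02:41:10 bob laptop-bob upload bytes=850000000 dest=share.example.net
2024-03-05T08:05:00 carol tablet-carol login_failure ip=198.51.100.7
2024-03-05T11:05:00 carol tablet-carol login_failure ip=198.51.100.7
"""

BUSINESS_HOURS = (8, 19)              # 08:00 up to (not including) 19:00; assumed policy
FAIL_THRESHOLD = 5                    # failures inside FAIL_WINDOW that raise an alert
FAIL_WINDOW = timedelta(minutes=10)
LARGE_TRANSFER = 100 * 1024 * 1024    # 100 MiB; assumed "large" threshold


def parse(line):
    """Split one log line into a dict; trailing key=value pairs become fields."""
    ts, user, device, event, *rest = line.split()
    fields = dict(kv.split("=", 1) for kv in rest)
    return {"ts": datetime.fromisoformat(ts), "user": user, "device": device,
            "event": event, **fields}


def off_hours_transfers(lines, start=BUSINESS_HOURS[0], end=BUSINESS_HOURS[1],
                        min_bytes=LARGE_TRANSFER):
    """Uploads outside business hours whose size reaches min_bytes."""
    alerts = []
    for rec in map(parse, lines):
        if rec["event"] != "upload":
            continue
        size = int(rec.get("bytes", 0))
        outside = not (start <= rec["ts"].hour < end)
        if outside and size >= min_bytes:
            alerts.append((rec["user"], rec["device"], rec["ts"].isoformat(), size))
    return alerts


def repeated_login_failures(lines, threshold=FAIL_THRESHOLD, window=FAIL_WINDOW):
    """Users with >= threshold failures in a sliding window; flags a later success too.

    A burst of failures followed by a success is the pattern that deserves the
    fastest triage, because it may mean the guessing eventually worked.
    """
    failures = defaultdict(list)
    successes = defaultdict(list)
    for rec in map(parse, lines):
        if rec["event"] == "login_failure":
            failures[rec["user"]].append(rec["ts"])
        elif rec["event"] == "login_success":
            successes[rec["user"]].append(rec["ts"])
    alerts = []
    for user, times in failures.items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            burst_end = times[i + threshold - 1]
            if burst_end - times[i] <= window:
                followed_by_success = any(s > burst_end for s in successes[user])
                alerts.append((user, times[i].isoformat(), followed_by_success))
                break                     # one alert per user is enough for triage
    return alerts


def analyse(log_text=SAMPLE_LOG):
    """Run both rules over the log text and return their alerts."""
    lines = [ln for ln in log_text.splitlines() if ln.strip()]
    return {"off_hours": off_hours_transfers(lines),
            "brute_force": repeated_login_failures(lines)}
```

On the sample, bob's 02:41 upload of 850 MB is flagged while his in-hours 20 MB upload is not, and alice's five failures inside one minute are flagged together with the success that followed them; carol's two spaced-out failures stay below the threshold.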

11. Poor network segmentation

When every device joins the same subnet, BYOD vulnerabilities expand. One compromised device might endanger the entire corporate data set. This setup can make BYOD security threats harder to contain.

Solution: Segment networks based on role and device type. Isolate guest networks from core servers. NordLayer’s network protection platform supports micro-segmentation. This reduces the impact of a single compromised device by limiting lateral movement.

12. Incomplete offboarding

Employees may leave without losing access to corporate systems. Their accounts stay active on personal devices long after their last day. This creates ongoing BYOD security concerns, even after roles change.

For example, a former Cisco engineer admitted to illegally accessing Cisco’s network and wiping 456 virtual machines, disrupting over 16,000 Webex Teams accounts. US prosecutors said the company had to spend $1.4 million in additional employee time to restore and repair the damage, and issue approximately $1 million in refunds to customers affected by the network issues.

Solution: Implement strict offboarding protocols. Revoke credentials, disable accounts, and wipe relevant apps on departure. NordLayer simplifies user management from a single dashboard. This cuts the risk of lingering access and potential data theft down the road.

Securing BYOD with NordLayer

BYOD boosts flexibility but increases security risks. NordLayer protects both personal and company devices, ensuring safe access.

Our network protection platform combines internet security, network access control, and secure connections. Your network stays safe, no matter where employees work.

Business VPN encrypts traffic and supports shared or private gateways with dedicated IPs. With 30+ global locations, teams get fast, secure access.

The platform also helps block malicious sites, risky downloads, and unwanted traffic while keeping data encrypted in transit at all times.

With Zero Trust access controls, only verified users and devices can connect. Security policies ensure only compliant devices access company resources.

NordLayer’s Enterprise Browser will add extra protection for SaaS and web apps. It blocks malicious redirects, restricts user input, and enforces security policies. It supports both managed and unmanaged (BYOD) devices, ensuring only trusted users access sensitive resources.

NordLayer’s tools make BYOD safer, but security also requires regular updates, security testing, and strong authentication. Combine VPN, ZTNA, and the Enterprise Browser, and embrace BYOD with fewer security risks.

About NordLayer
NordLayer is an adaptive network access security solution for modern businesses – from the world’s most trusted cybersecurity brand, Nord Security.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

The Benefits of Enterprise Service Management (ESM)

Introduction 

Every company, whether large or small, is a complex, delicate system in constant motion. 

We can imagine it as a city: each department is a neighborhood with its own needs, processes, and daily operations. A sort of microcosm that must function while also interacting efficiently with other neighborhoods-departments in an orderly yet flexible and responsive manner to both predictable and unpredictable events. 

Without centralized management, the risk is having a chaotic city-company where communication between different districts is fragmented, and services do not function efficiently. This results in enormous disadvantages for everyone—from employees to customers. 

This is where Enterprise Service Management (ESM) comes into play: a solution that helps standardize and optimize business processes, improve collaboration, increase productivity, and enhance security levels. 

ESM evolved from IT Service Management (ITSM), but its goal is to extend its principles across the entire organization, not just IT. 

So, what are its main components?

What are the benefits of Enterprise Service Management?

And are there any downsides, or rather, challenges to overcome?

In this article, we will explore all these aspects and see why investing in an appropriate Enterprise Service Management solution can transform your business.


What is Enterprise Service Management (ESM)? 

Let’s get straight to the point. Before focusing on the benefits of Enterprise Service Management, let’s clearly define our scope. 

As mentioned in the introduction, Enterprise Service Management is an approach that extends IT Service Management (ITSM) principles and practices to all business departments, including HR, Finance, Facility Management, and Customer Support, to name a few. 

The goal is to create a unified system to manage requests, optimize processes, and improve the overall experience for both employees and customers—all with a continuous improvement mindset. 

The Main Components of ESM 

Enterprise Service Management is a complex, branched system that adapts to the structure and needs of each company.

However, despite the many variables, some core pillars define its key components:

  • Process Automation: Essential for reducing manual workload and speeding up request management through automated workflows. This area includes everything related to Artificial Intelligence and Machine Learning—an enormous and highly promising field.
  • Self-Service Portals: These allow users to find answers quickly, 24/7, and manage requests independently, improving service speed. Naturally, this also benefits internal Customer Support teams by reducing their workload.
  • Centralized Request Management: Another key aspect that enables comprehensive supervision and effective coordination among departments, both during routine operations and in fast-paced or emergency situations.
  • Reporting and Analytics: Data is every company’s most valuable asset and the fuel of digital transformation. One of the most decisive benefits of Enterprise Service Management is having a vast amount of data at your disposal, highly organized and readable, to monitor performance, identify optimization areas, and drive continuous improvement.
  • Integration with Other Business Tools: A good Enterprise Service Management system should connect with existing company systems, such as CRM (Customer Relationship Management), ERP (Enterprise Resource Planning), and others, ensuring seamless and customized operations management.

The Main Benefits of Enterprise Service Management 

From what we have written so far, it is already evident that the benefits of Enterprise Service Management are numerous, crucial, and interconnected.

Here, we summarize them into five fundamental categories:

1. Improved Operational Efficiency 

One of the primary benefits of Enterprise Service Management is process automation. 

In practical terms: centralized and automated management of requests, workflows, and approvals reduces time wasted on repetitive manual tasks, freeing up teams to focus on more strategic activities where human expertise makes a difference. 

HR, Finance, Facility Management, and Customer Support departments benefit from streamlined processes, shorter wait times, and an improved experience for employees and customers. 

Additionally, the likelihood of errors, omissions, and distractions is significantly reduced. 

2. Enhanced Employee and Customer Experience 

Closely linked to the previous point, a well-structured Enterprise Service Management system ensures that support requests are handled more quickly and efficiently. 

Users have access to an intuitive self-service portal, available 24/7, allowing them to find answers independently and contact support teams only when necessary. 

This creates a perfect win-win dynamic, benefiting both B2C and B2B businesses. 

3. Greater Transparency and Traceability 

Two key words in modern business: transparency and traceability.

Among the benefits of Enterprise Service Management is a clear, comprehensive, and intuitive view of all requests and business processes.

Thanks to interactive dashboards and detailed reports, managers can monitor operations in real-time, identify bottlenecks, and promptly intervene to enhance efficiency—both in the short and long term. 

4. Cost Reduction 

The process optimization and automation discussed earlier naturally lead to significant cost savings. 

By reducing manual work (and in this case, time is truly money) and minimizing errors, companies can allocate more resources to strategic activities. 

5. Greater Compliance and Security 

With automated workflows and standardized processes, Enterprise Service Management helps companies maintain compliance with industry regulations and standards. 

All requests and operations are tracked, reducing the risk of errors and ensuring data protection. 

We all know how crucial it is to focus on these aspects and how difficult it can be to do so without automated, continuously updated systems. 

The Challenges of Implementing Enterprise Service Management 

So far, we have explored the benefits of Enterprise Service Management—numerous and fundamental in both the short and long term.

Now, let’s take a look at the other side of the coin and examine the challenges and complexities of adopting this type of evolution. We categorize them into three main points:

1. Implementation Costs and Complexity 

Implementing an Enterprise Service Management system requires a significant initial investment in both money and time. Integrating with existing systems and training staff can present challenges. 

How to proceed?

By carefully planning the ESM rollout with a gradual, phased strategy—starting with the most critical processes and gradually involving the entire company at all levels.

2. Resistance to Change 

Many employees and collaborators may be reluctant to adopt new tools and processes, especially if they have used previous methods for a long time. 

This natural resistance can be overcome with gradual implementation, effective communication of benefits, and targeted, ongoing training. 

3. The Need for Continuous Maintenance 

A good ESM system requires regular updates and ongoing management to remain effective and secure over time. 

Without proper maintenance, it can become a hindrance rather than an advantage. This awareness must be clear—only continuous maintenance ensures ongoing process improvement, benefiting the entire company system. 

Conclusion: Why Invest in an ESM Solution? 

We have examined the key challenges, but it is clear that the benefits of Enterprise Service Management far outweigh the disadvantages. 

An effective ESM implementation allows companies to enhance efficiency, reduce costs, increase transparency, and improve both employee and customer experiences—crucial factors in today’s competitive business landscape. 

FAQ 

What is the difference between ESM and ITSM?

ITSM (IT Service Management) focuses exclusively on IT services, while ESM extends these principles to all business departments, improving overall organizational efficiency.

Which companies can benefit from an ESM system?

All types of businesses, regardless of industry or size, can benefit from ESM, especially those with complex internal processes requiring effective coordination.

What are the essential features of good ESM software?

Good ESM software should include process automation, an intuitive self-service portal, integration with other business systems, and advanced reporting features.

About EasyVista  
EasyVista is a leading IT software provider delivering comprehensive IT solutions, including service management, remote support, IT monitoring, and self-healing technologies. We empower companies to embrace a customer-focused, proactive, and predictive approach to IT service, support, and operations. EasyVista is dedicated to understanding and exceeding customer expectations, ensuring seamless and superior IT experiences. Today, EasyVista supports over 3,000 companies worldwide in accelerating digital transformation, enhancing employee productivity, reducing operating costs, and boosting satisfaction for both employees and customers across various industries, including financial services, healthcare, education, and manufacturing.

ESET Research investigates RansomHub, dives into EDR killers, uncovers ties among rival gangs

  • ESET Research releases its analysis of the current ransomware ecosystem with focus on ransomware-as-a-service gang RansomHub.
  • ESET discovered links between the RansomHub, Play, Medusa, and BianLian ransomware gangs by following the trail of tooling that RansomHub offers its affiliates.
  • ESET analysis documents findings about EDRKillShifter and offers insights into the emerging threat of EDR killers.

PRAGUE, BRATISLAVA, March 26, 2025 — ESET researchers have released a deep-dive analysis about significant changes in the ransomware ecosystem, with focus on the newly emerged and currently dominating ransomware-as-a-service gang RansomHub. The report shares previously unpublished insights into RansomHub’s affiliate structure and uncovers clear connections between this newly emerged giant and well-established gangs Play, Medusa, and BianLian. Furthermore, ESET highlights the emerging threat of Endpoint Detection and Response (EDR) killers, unmasking EDRKillShifter, a custom EDR killer developed and maintained by RansomHub. ESET has observed an increase in ransomware affiliates using EDR killer code derived from publicly available proofs of concept, while the set of drivers being abused is largely unchanged.

“The fight against ransomware reached two milestones in 2024: LockBit and BlackCat, formerly the top two gangs, dropped out of the picture. And for the first time since 2022, recorded ransomware payments dropped significantly by a stunning 35%. On the other hand, the recorded number of victims announced (to be outed publicly) on dedicated leak sites increased by roughly 15%. A big part of this increase is due to RansomHub, a new ransomware-as-a-service (RaaS) gang that emerged around the time of law-enforcement Operation Cronos, which disrupted LockBit activities,” says ESET researcher Jakub Souček, who investigated RansomHub.

Like any emerging RaaS gang, RansomHub needed to attract affiliates — who rent ransomware services from operators — and since there is strength in numbers, the operators weren’t very picky. The initial advertisement was posted on the Russian-speaking RAMP forum in early February 2024, eight days before the first victims were posted. RansomHub prohibits attacks on nations of the post-Soviet Commonwealth of Independent States, Cuba, North Korea, and China. Interestingly, it lures affiliates with the promise that they will receive the whole ransom payment in their own wallet, and the operators trust the affiliates to share 10% with them, which is quite unique.

In May, RansomHub operators made a significant update: They introduced their own EDR killer — a special type of malware designed to terminate, blind, or crash the security product installed on a victim’s system — typically by abusing a vulnerable driver.

RansomHub’s EDR killer, named EDRKillShifter, is a custom tool developed and maintained by the gang. EDRKillShifter is offered to RansomHub affiliates. Functionality-wise, it is a typical EDR killer targeting a large variety of security solutions that the RansomHub operators expect to find protecting the networks they aim to breach.

“The decision to implement a killer and offer it to affiliates as part of the RaaS program is rare. Affiliates are typically on their own to find ways to evade security products — some reuse existing tools, while more technically oriented ones modify existing proofs of concept or utilize EDR killers available as a service on the dark web. ESET researchers saw a steep increase in the use of EDRKillShifter, and not exclusively in RansomHub cases,” explains Souček.

Advanced EDR killers consist of two parts — a user-mode component responsible for orchestration (the killer code) and a legitimate, but vulnerable, driver. The execution is typically very straightforward: the killer code installs the vulnerable driver, usually embedded in its data or resources, iterates over a list of process names of security software, and issues a command to the vulnerable driver, which triggers the vulnerability and kills the process from kernel mode. “Defending against EDR killers is challenging. Threat actors need admin privileges to deploy an EDR killer, so ideally, their presence should be detected and mitigated before they reach that point,” adds Souček.
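The two-part structure described above gives defenders a detection hook: a driver loaded from an unexpected location, followed within a short window by terminations of security-product processes. The Python below is an added example of such a correlation rule and is not ESET code; the telemetry layout, the expected driver directory, the security process names, and the window and thresholds are all assumptions, and the event lines are constructed.

```python
"""Correlation rule for EDR-killer behaviour over constructed telemetry (added example)."""
from datetime import datetime, timedelta

# Assumed, constructed placeholders: a real deployment would list its own vendor's processes.
SECURITY_PROCESSES = {"edr_agent.exe", "edr_sensor.exe", "av_service.exe"}
# Directory from which driver loads are expected on a managed Windows host (assumption).
EXPECTED_DRIVER_DIRS = ("c:\\windows\\system32\\drivers\\",)
CORRELATION_WINDOW = timedelta(seconds=60)   # how long after the load to look for kills
MIN_KILLS = 2                                # security-process kills that make it "high"

# Constructed events in an assumed "timestamp event key=value ..." layout.
SAMPLE_EVENTS = """\
2025-03-20T10:00:00 driver_load path=C:\\Windows\\System32\\drivers\\disk.sys signer=Microsoft
2025-03-20T10:14:02 driver_load path=C:\\Users\\Public\\tmp\\updater.sys signer=Legacy-Vendor
2025-03-20T10:14:05 process_terminate image=edr_agent.exe by=svchelper.exe
2025-03-20T10:14:06 process_terminate image=av_service.exe by=svchelper.exe
2025-03-20T10:14:07 process_terminate image=notepad.exe by=explorer.exe
2025-03-20T11:30:00 process_terminate image=edr_agent.exe by=installer.exe
"""


def parse(line):
    """Split one event line into a dict; key=value pairs become fields."""
    ts, event, *rest = line.split()
    return {"ts": datetime.fromisoformat(ts), "event": event,
            **dict(kv.split("=", 1) for kv in rest)}


def unexpected_driver_load(rec):
    """True for a driver_load whose path is outside the expected driver directory."""
    return (rec["event"] == "driver_load"
            and not rec["path"].lower().startswith(EXPECTED_DRIVER_DIRS))


def correlate(log_text=SAMPLE_EVENTS, window=CORRELATION_WINDOW, min_kills=MIN_KILLS):
    """Alert on every unexpected driver load; raise severity when security processes die after it.

    A lone unexpected load is "medium" (worth a look, as the quote above says this
    already implies admin privileges); a load followed by min_kills or more security
    process terminations inside the window is "high".
    """
    recs = [parse(ln) for ln in log_text.splitlines() if ln.strip()]
    alerts = []
    for i, rec in enumerate(recs):
        if not unexpected_driver_load(rec):
            continue
        kills = [r for r in recs[i + 1:]
                 if r["event"] == "process_terminate"
                 and r["image"].lower() in SECURITY_PROCESSES
                 and r["ts"] - rec["ts"] <= window]
        alerts.append({
            "severity": "high" if len(kills) >= min_kills else "medium",
            "time": rec["ts"].isoformat(),
            "driver": rec["path"],
            "signer": rec.get("signer", "unknown"),
            "killed": sorted(k["image"] for k in kills),
            "terminator": sorted({k["by"] for k in kills}),
        })
    return alerts
```

On the sample, the System32 load raises nothing, the load from a user-writable directory followed by two security-process kills becomes one high-severity alert naming the terminating process, and the isolated edr_agent.exe termination at 11:30 is outside any window and is left to other rules.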

ESET discovered that RansomHub’s affiliates are working for three rival gangs — Play, Medusa, and BianLian. Discovering a link between RansomHub and Medusa is not that surprising, as it is common knowledge that ransomware affiliates often work for multiple operators simultaneously. On the other hand, one way to explain Play and BianLian having access to EDRKillShifter is that they hired the same RansomHub affiliate, which is unlikely given the closed nature of both gangs. Another, more plausible explanation is that trusted members of Play and BianLian are collaborating with rivals, even newly emerged ones like RansomHub, and then repurposing the tooling they receive from those rivals in their own attacks. Play has been linked to the North Korea-aligned group Andariel.

For a more detailed analysis of RansomHub and EDRKillShifter, check out the latest ESET Research blogpost “Shifting the sands of RansomHub’s EDRKillShifter” on WeLiveSecurity.com. Make sure to follow ESET Research on Twitter (today known as X), BlueSky, and Mastodon for the latest news from ESET Research.

Schematic overview of the links between Medusa, RansomHub, BianLian, and Play
