DeadLock Ransomware and BYOVD: Why Endpoint Defence Strategies Must Evolve
Cisco Talos researchers have flagged "DeadLock" ransomware using a BYOVD (Bring Your Own Vulnerable Driver) tactic, in this case abusing a flawed Baidu Antivirus driver. Because a BYOVD driver is a legitimately signed, vendor-shipped binary, Windows loads it without complaint; the attackers then use its flaw to disable Endpoint Detection and Response (EDR) solutions before the ransomware itself runs, leaving organisations blind during the stages that follow. A novel, sophisticated loader is used to bring the driver in and carry out the disablement. The incident is a warning for IT professionals: a trusted but unpatched driver can be as hazardous as an outdated operating system.
Routine auditing of driver inventories, strengthening EDR with behavioural analytics, and proactive vulnerability remediation are now essential. Incident response plans should also assume that endpoint telemetry can be cut off, and define how a loss of monitoring is detected and handled. For managed service providers and IT leaders, this development demands a more proactive, sceptical approach to endpoint security. Passive defence is no longer sufficient.
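As an added illustration of the driver-inventory audit recommended above (this is example code written for this page, not from the Talos report or the Baidu vendor), the following PowerShell script lists every registered kernel driver, hashes and signature-checks the file on disk, flags anything on a blocklist or loaded from outside the Windows directory, reports whether Microsoft's vulnerable driver blocklist and HVCI are switched on, and pulls the last day of Sysmon driver-load events (Event ID 6) so they can be correlated with an EDR outage. It assumes an elevated session, Sysmon installed with Event ID 6 enabled, and a blocklist that you populate yourself; the hash and name lists below are placeholders, not real indicators.

```powershell
# Added example, not from the Talos report. Run elevated on the host being audited.
# Blocklist placeholders: fill from Microsoft's recommended driver block rules or the
# LOLDrivers project (loldrivers.io). The zero hash below is a dummy, not a real IOC.
$BlockedSha256 = @(
    '0000000000000000000000000000000000000000000000000000000000000000'
)
$BlockedNames = @()   # file names (e.g. 'example.sys') taken from the same source

# Win32_SystemDriver.PathName comes in several shapes: \??\C:\..., \SystemRoot\...,
# or a bare System32\drivers\... Normalise them before touching the file.
function Resolve-DriverPath {
    param([string]$PathName)
    if (-not $PathName) { return $null }
    $p = $PathName -replace '^\\\?\?\\', ''                        # strip \??\ prefix
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot                # expand \SystemRoot
    $p = $p -replace '^system32\\', "$env:SystemRoot\System32\"      # bare relative form
    return $p
}

$report = foreach ($drv in Get-CimInstance -ClassName Win32_SystemDriver) {
    $path = Resolve-DriverPath $drv.PathName
    if (-not $path -or -not (Test-Path -LiteralPath $path)) { continue }

    $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash.ToLower()
    $sig  = Get-AuthenticodeSignature -LiteralPath $path
    $name = [System.IO.Path]::GetFileName($path)

    $flags = @()
    if ($BlockedSha256 -contains $hash) { $flags += 'HASH_BLOCKLISTED' }
    if ($BlockedNames  -contains $name) { $flags += 'NAME_BLOCKLISTED' }
    if ($sig.Status -ne 'Valid')        { $flags += "SIG_$($sig.Status)" }
    # A BYOVD loader usually drops its driver somewhere writable (temp, user profile);
    # a running driver outside %SystemRoot% is a weak but cheap signal worth eyeballing.
    if ($drv.State -eq 'Running' -and $path -notlike "$env:SystemRoot\*") { $flags += 'OUTSIDE_SYSTEMROOT' }

    [pscustomobject]@{
        Name      = $drv.Name
        File      = $name
        Path      = $path
        State     = $drv.State
        StartMode = $drv.StartMode
        Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }
        Sha256    = $hash
        Flags     = ($flags -join ',')
    }
}

# Only the drivers that tripped a flag; drop the filter to see the full inventory.
$report | Where-Object { $_.Flags } | Format-Table Name, File, State, StartMode, Signer, Flags -AutoSize

# Platform defences that stop known-bad drivers from loading at all.
$ciCfg = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config' -ErrorAction SilentlyContinue
"Microsoft vulnerable driver blocklist enabled: $($ciCfg.VulnerableDriverBlocklistEnable -eq 1)"
$dg = Get-CimInstance -Namespace root\Microsoft\Windows\DeviceGuard -ClassName Win32_DeviceGuard
"HVCI (memory integrity) running: $($dg.SecurityServicesRunning -contains 2)"   # 2 = HVCI

# Last 24h of Sysmon driver loads (Event ID 6): correlate timestamps with any gap in EDR telemetry.
$since = (Get-Date).AddDays(-1)
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 6; StartTime = $since } -ErrorAction SilentlyContinue |
    ForEach-Object {
        $x = [xml]$_.ToXml()
        $d = @{}
        $x.Event.EventData.Data | ForEach-Object { $d[$_.Name] = $_.'#text' }
        [pscustomobject]@{
            Time      = $_.TimeCreated
            Image     = $d.ImageLoaded
            Signed    = $d.Signed
            Signature = $d.Signature
            Status    = $d.SignatureStatus
        }
    } | Format-Table -AutoSize
```

Two caveats when reading the output. Most inbox drivers are catalog-signed rather than carrying an embedded signature; Get-AuthenticodeSignature resolves those through the catalog, so a `SIG_NotSigned` flag on a driver that is nonetheless running deserves a second look rather than an automatic dismissal. And a hash blocklist only catches driver builds someone has already catalogued, which is exactly why the blocklist and HVCI checks at the end matter: a signed-but-vulnerable driver that is not yet on any list is stopped only by the platform refusing to load it or by the EDR noticing the service creation and load before it is switched off.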

