
A cybercriminal group linked to RansomHub has developed a new tool called EDRKillShifter, which is designed to neutralize endpoint detection and response (EDR) systems. The tool exploits vulnerable drivers to escalate privileges and execute payloads stealthily. Researchers from Sophos observed the deployment of this utility by an undetermined criminal group targeting organizations with ransomware attacks. The introduction of EDRKillShifter, a bring-your-own-vulnerable-driver (BYOVD) binary, marks an escalation in tactics by ransomware gangs, as noted by Sophos X-Ops.
Sophos X-Ops: Ransomware gangs escalating tactics, going to 'chilling' lengths https://t.co/IGdjVbvI56 https://t.co/8Ny5iKW4GP
RansomHub Rolls Out Brand-New, EDR-Killing BYOVD Binary: https://t.co/O7TtUORj7l by darkreading #infosec #cybersecurity #technology #news
A group linked to RansomHub operation employs EDR-killing tool EDRKillShifter https://t.co/58vARcGlft