Ransomware, Threat Intelligence

BYOVD technique embedded in nascent Reynolds ransomware

The newly emerged Reynolds ransomware has integrated the bring your own vulnerable driver (BYOVD) technique to escalate privileges and disable endpoint detection and response (EDR) tools, enabling a stealthier compromise, The Hacker News reports.

Attacks with Reynolds ransomware deployed a NsecSoft NSecKrnl driver affected by the medium-severity vulnerability CVE-2025-68947, a driver that Silver Fox had previously used to spread ValleyRAT. The ransomware abused the driver to terminate multiple security software processes, according to an analysis by the Symantec and Carbon Black Threat Hunter Team. Besides running a side-loaded loader on the targeted network weeks before the ransomware was deployed, the attackers also delivered the GotoHTTP remote access tool a day after the ransomware compromise.
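The pattern described above, a vulnerable driver being loaded and security-product processes dying shortly afterwards on the same host, is something a detection engineer can look for in driver-load and process-termination telemetry. The following is an added example, not code from the Symantec/Carbon Black analysis or from any vendor: it runs a simple correlation over constructed Sysmon-style records (Event ID 6 driver loaded, Event ID 5 process terminated). It assumes the driver's on-disk name contains "nseckrnl" (the article names only the NsecSoft NSecKrnl driver, not its file name) and uses an illustrative, assumed list of security-product process names; in production, key the driver match on signer or hash from a vulnerable-driver blocklist rather than on a file name.

```python
"""Correlate a watchlisted driver load with security-process terminations.

Added example, not from the original article or the analysis it cites.
Assumptions (labelled below): driver file name contains "nseckrnl"; the
protected-process set is illustrative; the log records are constructed.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed: substrings of driver image names worth alerting on.
DRIVER_WATCHLIST = ("nseckrnl",)

# Assumed, illustrative set of security-product process names (lower-case).
PROTECTED_PROCESSES = {"msmpeng.exe", "mssense.exe", "csfalconservice.exe"}

WINDOW = timedelta(minutes=10)   # how soon after the driver load kills must occur
MIN_KILLS = 2                    # how many protected processes must die to alert


@dataclass
class Event:
    ts: datetime
    event_id: int   # Sysmon: 6 = driver loaded, 5 = process terminated
    host: str
    image: str      # ImageLoaded for ID 6, Image for ID 5


def parse_line(line):
    """Parse one constructed 'key=value|key=value' record into an Event."""
    fields = dict(part.split("=", 1) for part in line.strip().split("|"))
    return Event(
        ts=datetime.fromisoformat(fields["ts"]),
        event_id=int(fields["id"]),
        host=fields["host"],
        image=fields["image"],
    )


def basename(path):
    """Lower-cased file name component of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def find_byovd_tampering(events):
    """Return (host, driver_path, [killed process paths]) for every watchlisted
    driver load that is followed within WINDOW, on the same host, by at least
    MIN_KILLS terminations of protected processes."""
    events = sorted(events, key=lambda e: e.ts)
    alerts = []
    for drv in events:
        if drv.event_id != 6:
            continue
        if not any(w in basename(drv.image) for w in DRIVER_WATCHLIST):
            continue
        kills = [
            e.image for e in events
            if e.event_id == 5 and e.host == drv.host
            and drv.ts <= e.ts <= drv.ts + WINDOW
            and basename(e.image) in PROTECTED_PROCESSES
        ]
        if len(kills) >= MIN_KILLS:
            alerts.append((drv.host, drv.image, kills))
    return alerts


# Constructed sample records, not real telemetry. WS01 shows the suspicious
# sequence; WS02 loads the driver but the single kill is hours later.
SAMPLE_LOG = """\
ts=2025-01-10T09:00:00|id=6|host=WS01|image=C:\\Windows\\System32\\drivers\\NSecKrnl.sys
ts=2025-01-10T09:00:12|id=5|host=WS01|image=C:\\Program Files\\Windows Defender\\MsMpEng.exe
ts=2025-01-10T09:00:13|id=5|host=WS01|image=C:\\Program Files\\Windows Defender Advanced Threat Protection\\MsSense.exe
ts=2025-01-10T09:00:14|id=5|host=WS01|image=C:\\Windows\\System32\\notepad.exe
ts=2025-01-10T10:30:00|id=6|host=WS02|image=C:\\Windows\\System32\\drivers\\NSecKrnl.sys
ts=2025-01-10T13:00:00|id=5|host=WS02|image=C:\\Program Files\\Windows Defender\\MsMpEng.exe
"""


def run_on_sample():
    """Run the correlation over the constructed sample and return the alerts."""
    return find_byovd_tampering(parse_line(l) for l in SAMPLE_LOG.splitlines() if l)


if __name__ == "__main__":
    for host, drv, kills in run_on_sample():
        print(f"[ALERT] {host}: {drv} loaded, then {len(kills)} protected processes terminated")
```

On the sample, only WS01 alerts: the driver load is followed within seconds by two protected-process terminations, while the unrelated notepad.exe exit is ignored and WS02's lone kill falls outside the window. A real deployment would feed the function from Sysmon or EDR driver-load telemetry, and the time window and kill threshold are tuning knobs, not fixed values.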

"The advantages of wrapping the defense evasion capability in with the ransomware payload, and the reason ransomware actors might do this, may include the fact that packaging the defense evasion binary and the ransomware payload together is 'quieter', with no separate external file dropped on the victim network," said researchers.
