BYOVD technique embedded in nascent Reynolds ransomware
Ransomware, Threat Intelligence

Newly emergent Reynolds ransomware has integrated the bring your own vulnerable driver (BYOVD) attack technique to facilitate privilege escalation and endpoint detection and response tool deactivation for clandestine compromise, The Hacker News reports.

Attacks with Reynolds ransomware deployed a NsecSoft NSecKrnl driver impacted by the medium-severity CVE-2025-68947 vulnerability, which had previously been used by Silver Fox to spread ValleyRAT, to end multiple security software processes, findings from a Symantec and Carbon Black Threat Hunter Team analysis showed. Apart from launching a side-loaded loader on the targeted network weeks before ransomware deployment, attackers also delivered the GotoHTTP remote access program a day following ransomware compromise.

"The advantages of wrapping the defense evasion capability in with the ransomware payload, and the reason ransomware actors might do this, may include the fact that packaging the defense evasion binary and the ransomware payload together is 'quieter', with no separate external file dropped on the victim network," said researchers.
