<ul><li>The Medusa ransomware operators are using a vulnerable driver named smuol.sys which mimics a legitimate CrowdStrike Falcon driver named CSAgent.sys.</li><li>The driver has been signed by a Chinese vendor called ABYSSWORKER.</li><li>Medusa ransomware is targeting critical infrastructure organizations and is actively engaged in BYOD attacks bypassing endpoint protection, detection, and response (EDR) tools.</li><li>The FBI, CISA, and MS-ISAC have already issued a warning and recommend implementing the necessary mitigations.</li></ul>

Medusa ransomware is able to disable anti-malware tools, so be on your guard

Discover more