Qilin EDR killers + Payouts King QEMU VM evasion ransomware + healthcare surge
Key Questions
How does Qilin ransomware disable EDR solutions?
Qilin disables over 300 EDR drivers using msimg32.dll and ETW (Event Tracing for Windows) techniques. Hexnode provides a playbook with detections for these evasion methods.
What evasion techniques does Payouts King ransomware use?
Payouts King, affiliated with BlackBasta, evades detection by operating from QEMU virtual machines, gains access through exploits against SonicWall, Citrix (CitrixBleed2), and SolarWinds products, and persists using trusted tools, scheduled tasks, and reverse SSH tunnels.
What is the trend in ransomware targeting healthcare?
There is a surge in ransomware attacks on healthcare, finance, and government, with the FBI reporting 361 critical infrastructure victims in Q1. Targets include Caribbean Medical Center (92k records) and Covenant Health (478k records), prompting calls for terrorism designations for ransomware attacks on hospitals.
Summary: Qilin disables 300+ EDR drivers via msimg32.dll and ETW techniques. Payouts King (a BlackBasta affiliate) evades detection via QEMU VMs, gains access through SonicWall, CitrixBleed2, and SolarWinds exploits, and persists with trusted tools, scheduled tasks, and reverse SSH. The FBI reports a critical infrastructure surge of 361 victims in Q1; healthcare, finance, and government targets include Caribbean Medical Center (92k records) and Covenant Health (478k records). A former FBI official is pushing for terrorism designations for hospital ransomware. Hexnode's playbook details detections for these techniques. Storm-1175's rapid zero-day exploitation to deploy Medusa adds to the surge.