ESET Research: The EDR Killer Ecosystem 2026

Created: 2026-03-20 04:15:51

ESET Research has unveiled a massive shift in ransomware tactics. Attackers are increasingly using EDR Killers—specialized tools designed to blind security software—as a prerequisite for successful data encryption.

Strategic Division of Labor: Affiliates pick the tools, while operators provide the encryptors. More affiliates mean more diverse and unpredictable attack methods.
The AI Influence: Recent codebases, specifically from the Warlock gang, show markers of AI-assisted generation, including "trial-and-error" logic.
Driverless Neutralization: BYOVD (bring your own vulnerable driver) is common, but attackers now abuse legitimate anti-rootkit utilities and admin commands to suspend protection without touching the kernel.

The Defensive Reality

Protecting against modern ransomware requires a mindset shift. Unlike automated threats, ransomware is a human-driven operation. When a tool fails or a driver is blocked, the attacker is there in real-time to pivot to a new method.

"While preventing vulnerable drivers from loading is a crucial step, it is not a silver bullet. Defenders must aim to disrupt EDR killers before they establish a kernel-level foothold."

For the full technical analysis, visit WeLiveSecurity.com and search for the 2026 EDR Killer Ecosystem report.

 



About ESET
ESET develops software solutions that deliver instant, comprehensive protection against evolving computer security threats. ESET pioneered and continues to lead the industry in proactive threat detection. ESET NOD32 Antivirus, its flagship product, consistently achieves the highest accolades in all types of comparative testing and is the foundational product that builds out the ESET product line to include ESET Smart Security. ESET Smart Security is an integrated antivirus, antispyware, antispam and personal firewall solution that combines accuracy, speed and an extremely small system footprint to create the most effective security solution in the industry. Both products have an extremely efficient code base that eliminates the unnecessary large size found in some solutions. This means faster scanning that doesn’t slow down computers or networks. Sold in more than 160 countries, ESET has worldwide production headquarters in Bratislava, SK and worldwide distribution headquarters in San Diego, U.S. ESET also has offices in Bristol, U.K.; Buenos Aires, AR; Prague, CZ; and is globally represented by an extensive partner network. For more information, visit our local office at https://eset.version-2.sg.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The Company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which includes Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities. For more information, please visit https://www.version-2.com.sg/ or call (65) 6296-4268.
