PSI A.I CyberSecurity Scoring
PSI
Company Information
Website:https://www.ransomstop.com/
Employees number:10
Number of followers:154
NAICS:
Industry Type:Data Security Software Products
Homepage:ransomstop.com
PSI Risk Score (AI oriented)
Between 0 and 549
PSIData Security Software Products
Updated:
02/04/2026
02/04/2026
513/1000
Critical
C
PSI Global Score (TPRM)
xxxx
PSIData Security Software Products
Score locked

PSICritical
Current Score
513C (CRITICAL)
01000
1 incidents
-97 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
664
JUNE 2026
663
MAY 2026
661
APRIL 2026
513
MARCH 2026
754
Ransomware
20 Mar 2026 • PSI
RansomHouse, DragonForce and MedusaLocker: Ransomware Actors Expand EDR Killer Tactics Beyond Vulnerable Drivers
Ransomware Attackers Evolve Tactics to Disable Endpoint Security
657
CRITICAL-97
PLUUNIDRA1774009537
Ransomware Attackers Evolve Tactics to Disable Endpoint Security
Ransomware operators have expanded their methods to bypass endpoint security, moving beyond the traditional Bring Your Own Vulnerable Driver (BYOVD) technique. While BYOVD remains in use with 54 tools exploiting 35 vulnerable drivers attackers now employ script-based tools, misuse legitimate anti-rootkit software, and deploy fully driverless techniques to neutralize security defenses before encryption.
This shift prioritizes reliability, allowing ransomware affiliates to disable Endpoint Detection and Response (EDR) systems quickly rather than evading detection. Research from ESET, based on telemetry and incident investigations, identified nearly 90 active EDR killers used by major ransomware groups, including Akira, Medusa, Qilin, RansomHouse, and DragonForce. Many of these tools are commercially traded in underground marketplaces, reflecting a mature, profit-driven ecosystem.
Among the most prevalent tools is AbyssKiller, which combines the ABYSSWORKER rootkit with a HeartCrypt-packed loader, and CardSpaceKiller, frequently used by Akira, Medusa, and MedusaLocker. These tools leverage obfuscation techniques such as VX Crypt and VMProtect to evade detection, while others like SmilingKiller use control-flow flattening to complicate analysis. Some groups, like Warlock, deploy multiple EDR killers in succession, with recent samples showing signs of AI-assisted code generation.
Attackers often separate the EDR killer from its driver, manually installing the driver first to ensure functionality before executing the payload. This division of labor makes defense evasion more accessible, even to less skilled threat actors. The focus on disabling security tools rather than making encryptors stealthy has become the primary method for ensuring successful ransomware execution.
The impact is severe: victims face attacks where security measures are rendered ineffective before encryption begins. While driver blocking remains a necessary defense, organizations must also monitor for suspicious driver installations, enforce least-privilege access, and maintain strong endpoint telemetry to mitigate these evolving threats.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
FEBRUARY 2026
754
JANUARY 2026
754
DECEMBER 2025
754
NOVEMBER 2025
754
OCTOBER 2025
754
SEPTEMBER 2025
754
AUGUST 2025
754
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for PSI ??
What was PSI's A.I Rankiteo Cyber Score in June 2026 ??
What was PSI's A.I Rankiteo Cyber Score in May 2026 ??
What was PSI's A.I Rankiteo Cyber Score in April 2026 ??
What was PSI's A.I Rankiteo Cyber Score in March 2026 ??
What was PSI's A.I Rankiteo Cyber Score in February 2026 ??
What was PSI's A.I Rankiteo Cyber Score in January 2026 ??
What was PSI's A.I Rankiteo Cyber Score in December 2025 ??
What was PSI's A.I Rankiteo Cyber Score in November 2025 ??
What was PSI's A.I Rankiteo Cyber Score in October 2025 ??
What was PSI's A.I Rankiteo Cyber Score in September 2025 ??
What was PSI's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on PSI's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with PSI ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view PSI's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?