
Qilin and Warlock Ransomware Use BYOVD Technique to Disable 300+ EDR Security Tools
Tags: ransomware, Qilin, Warlock, BYOVD, EDR, vulnerability, malware, DLL, security, Cisco Talos, Trend Micro, threat actors
Threat actors linked to Qilin and Warlock ransomware operations have been observed employing the bring your own vulnerable driver (BYOVD) technique to disable over 300 endpoint detection and response (EDR) security tools on compromised systems. Cisco Talos and Trend Micro reported that Qilin attacks specifically deploy a malicious DLL named "msimg32.dll" as part of this tactic. The technique exploits vulnerable drivers to bypass security protections, though no specific CVE IDs or exact dates were disclosed. The impact includes the neutralization of critical security defenses, enabling ransomware deployment without detection. No additional technical details or affected vendor names were provided in the report.
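As an added defender-side example (not code from the Talos or Trend Micro reports), the following Python triage heuristic runs over constructed Sysmon-style driver-load (Event ID 6) and image-load (Event ID 7) records: it flags a DLL named msimg32.dll loaded from outside the Windows system directories, kernel drivers loaded from user-writable paths, and drivers whose hash matches a vulnerable-driver blocklist. The record layout, paths, signer strings and hashes are assumptions, not real telemetry.

```python
# Added example: a small triage heuristic over constructed Sysmon-style records.
# Event ID 6 = DriverLoaded, Event ID 7 = ImageLoaded (real Sysmon IDs); the
# record layout, paths and hashes below are assumptions, not real telemetry.

TRUSTED_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")

# Placeholder standing in for a vulnerable-driver hash blocklist; constructed values.
BLOCKLISTED_DRIVER_SHA256 = {"PLACEHOLDER_SHA256_OF_KNOWN_VULNERABLE_DRIVER"}

SAMPLE_EVENTS = [  # constructed records
    {"id": 7, "image": r"C:\Windows\System32\msimg32.dll",
     "process": r"C:\Windows\explorer.exe"},
    {"id": 7, "image": r"C:\Users\Public\svc\msimg32.dll",
     "process": r"C:\Users\Public\svc\updater.exe"},
    {"id": 6, "image": r"C:\Windows\System32\drivers\ndis.sys",
     "signature": "Microsoft Windows", "sha256": "PLACEHOLDER_SHA256_NDIS"},
    {"id": 6, "image": r"C:\Users\Public\svc\drv.sys",
     "signature": "Some Vendor", "sha256": "PLACEHOLDER_SHA256_DRV"},
    {"id": 6, "image": r"C:\Windows\System32\drivers\legit_looking.sys",
     "signature": "Some Vendor",
     "sha256": "PLACEHOLDER_SHA256_OF_KNOWN_VULNERABLE_DRIVER"},
]


def is_trusted_path(path):
    """True if the path sits under a Windows system directory (case-insensitive)."""
    return path.lower().startswith(TRUSTED_DIRS)


def finding_for(event):
    """Return a finding string for a suspicious event, or None if it looks benign."""
    image = event["image"]
    name = image.rsplit("\\", 1)[-1].lower()
    if event["id"] == 7 and name == "msimg32.dll" and not is_trusted_path(image):
        # msimg32.dll is a legitimate System32 DLL; the report says Qilin deploys a
        # malicious DLL by that name, so a copy outside System32 is worth triage.
        return f"msimg32.dll loaded from untrusted path {image} by {event['process']}"
    if event["id"] == 6:
        if event.get("sha256") in BLOCKLISTED_DRIVER_SHA256:
            # Path alone is not enough: a signed vulnerable driver can be installed
            # into System32\drivers, so match on hash as well.
            return f"blocklisted vulnerable driver loaded: {image}"
        if not is_trusted_path(image):
            return f"driver loaded from untrusted path {image} (signer: {event.get('signature')})"
    return None


def scan(events):
    """Run the heuristic over a list of records and return all findings in order."""
    return [f for f in map(finding_for, events) if f]
```

In production the path and hash checks would be fed from real driver-load telemetry and a maintained blocklist rather than the constructed values above.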