Researchers spot Medusa ransomware operators deploying smuol.sys This driver mimics a legitimate CrowdStrike Falcon driver ...
Medusa ransomware uses ABYSSWORKER driver with stolen certificates to disable EDR and enable RDP access, risking data breaches.