
DeadLock Ransomware Exploits Baidu Antivirus Vulnerability for EDR Bypass
Cisco Talos has identified a new ransomware campaign called DeadLock: attackers are exploiting a vulnerable Baidu antivirus driver (CVE-2024-51324) to disable EDR systems using the Bring Your Own Vulnerable Driver (BYOVD) technique. The group does not operate a data leak site but communicates with victims via Session Messenger. According to Talos, the attacks are carried out by a financially motivated operator who gains access to the victim's infrastructure at least five days before encryption and gradually prepares the system for the deployment of DeadLock. One of the key elements of the chain is BYOVD: the attackers themselves inject a legitimate but vulnerable
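The defensive point of a BYOVD chain like the one described above is that the driver is validly signed, so signature checks alone do not catch it; detection has to key on hash watchlists, load paths and timing. The following is an added example (not code from the Talos report or from the DeadLock operators) that runs a small set of such heuristics over Sysmon-style Event ID 6 (DriverLoad) records. The driver names, hashes and log lines are constructed placeholders; a real deployment would populate the watchlist from a curated source such as the Microsoft vulnerable driver blocklist or the LOLDrivers project.

```python
import re
from dataclasses import dataclass

# Constructed placeholder hash standing in for a known-vulnerable, vendor-signed
# driver. Not a real indicator; replace with a curated watchlist in practice.
PLACEHOLDER_VULN_SHA256 = "11" * 32
VULNERABLE_DRIVER_SHA256 = {
    PLACEHOLDER_VULN_SHA256: "placeholder_vulnerable_av_driver.sys",
}

# Directories from which drivers are normally loaded. A BYOVD payload is often
# dropped into a user-writable location before being loaded as a service.
EXPECTED_DRIVER_DIRS = (
    "c:\\windows\\system32\\drivers\\",
    "c:\\windows\\system32\\driverstore\\",
)

# Constructed Sysmon Event ID 6 records flattened to key=value pairs.
# The second record is the interesting one: validly signed, yet on the watchlist
# and loaded from a user-writable path.
SAMPLE_EVENTS = [
    "EventID=6 UtcTime=2024-11-01_02:10:11 "
    "ImageLoaded=C:\\Windows\\System32\\drivers\\ntfs.sys "
    f"Hashes=SHA256={'22' * 32} Signed=true Signature=Microsoft Windows SignatureStatus=Valid",
    "EventID=6 UtcTime=2024-11-01_02:14:52 "
    "ImageLoaded=C:\\Users\\Public\\drv.sys "
    f"Hashes=SHA256={PLACEHOLDER_VULN_SHA256} Signed=true Signature=Example AV Vendor (constructed) SignatureStatus=Valid",
    "EventID=6 UtcTime=2024-11-01_02:15:03 "
    "ImageLoaded=C:\\Temp\\x.sys "
    f"Hashes=SHA256={'33' * 32} Signed=false Signature=- SignatureStatus=Unsigned",
]

# key=value pairs where values may contain spaces; a value runs until the next
# " key=" token or end of line.
_KV_RE = re.compile(r"(\w+)=(.*?)(?=\s\w+=|$)")
_SHA256_RE = re.compile(r"SHA256=([0-9a-fA-F]{64})")


@dataclass
class Finding:
    image: str
    reasons: list


def parse_event(line: str) -> dict:
    """Parse one flattened Sysmon record into a dict of field -> value."""
    return {k: v for k, v in _KV_RE.findall(line)}


def sha256_of(event: dict) -> str:
    """Extract the SHA256 from the Hashes field, lower-cased; empty if absent."""
    m = _SHA256_RE.search(event.get("Hashes", ""))
    return m.group(1).lower() if m else ""


def analyze(events) -> list:
    """Return a Finding for every DriverLoad record that trips a BYOVD heuristic."""
    findings = []
    for line in events:
        ev = parse_event(line)
        if ev.get("EventID") != "6":
            continue
        image = ev.get("ImageLoaded", "")
        reasons = []
        sha = sha256_of(ev)
        if sha in VULNERABLE_DRIVER_SHA256:
            reasons.append(f"hash on vulnerable-driver watchlist ({VULNERABLE_DRIVER_SHA256[sha]})")
        if ev.get("Signed", "").lower() != "true":
            reasons.append("unsigned driver")
        if not image.lower().startswith(EXPECTED_DRIVER_DIRS):
            reasons.append("loaded from outside standard driver directories")
        if reasons:
            findings.append(Finding(image, reasons))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_EVENTS):
        print(f.image, "->", "; ".join(f.reasons))
```

The signed-but-watchlisted record is the one that matters: it passes the signature check a naive rule would rely on and is only surfaced by the hash watchlist and the load path. Because Talos reports the operator staging the environment days before encryption, a first-seen driver load on a host is worth alerting on even when it matches nothing on the watchlist.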

