
In June 2026, BleepingComputer documented The Gentlemen group shipping a custom EDR killers framework called GentleKiller, with eight separate variants targeting more than 400 security processes across 48 endpoint products. By the time researchers published, the affiliate base had hit 478 victims across 70 countries, including the Romanian energy provider Oltenia.
A separate analysis identified 54 tools circulating in 2026, collectively abusing 35 signed, legitimate Windows drivers. The technique has moved from research curiosity to a productized market with dashboards, credit balances, and vouching threads. Disabling the endpoint agent is now a precondition for reliable encryption, and the affiliates buying these tools rarely have to build anything themselves.
What Is An EDR Killer?
The supply side has gone fully commercial in the last twelve months.Â
EDR killers no longer require dedicated reverse engineers. Threat actors browse underground forum threads, pay through escrow, and receive working tools within hours. The volume of new listings on Russian-speaking cybercrime forums has accelerated noticeably in late 2025 and into 2026, with two pinned sales threads alone capturing the spread of pricing tiers and target lists currently in market.
VoidKiller advertises a $300 per-build custom polymorphic killer covering 50+ consumer antivirus products (Defender, McAfee, Norton, Avast, AVG, Kaspersky, Bitdefender, Trend Micro, ESET, Sophos, Malwarebytes and others). Enterprise EDR including CrowdStrike Falcon, SentinelOne, Microsoft Defender for Endpoint, Carbon Black, and Cortex XDR, is gated behind a separate premium module sold “after purchase.” Buyers pay in Bitcoin, Ethereum, Litecoin, or Monero, with auto-activation on confirmation.

Figure 1: VOID KILLER, $300 base license, sold on an underground forum.
NtKiller sits at the higher end. Core functionality is $500, with optional add-ons for $300 each (a rootkit module and a silent UAC bypass). It explicitly markets HVCI/VBS and Memory Integrity support, advanced persistence, and Cobalt Strike integration. Default targets include Defender 10/11, ESET, Kaspersky, Avast, Norton, AVG, Malwarebytes, Bitdefender, and Dr. Web. The seller offers custom kill modules for any solution on request.

Figure 2: NtKiller, $500 core build, sold on the same forum.
Common patterns emerge across both listings: consumer antivirus is treated as commodity work, enterprise EDR is sold as a premium add-on, payment is escrowed through the forum, and every operator explicitly forbids using their tool against organizations in former Soviet states. Several also forbid ransomware deployment in their terms of service. That last clause is performative, because the tools end up in ransomware campaigns regardless.
How EDR Killers Work: Step By Step

Most newer families follow the same five-stage pattern, regardless of which signed driver they happen to abuse. The attack chain runs from initial loader to ransomware payload in four core movements, with the five stages below mapping onto them.
- Loader execution
The killer arrives as a small loader binary, often dropped after initial access via a stolen credential or an unpatched perimeter device. Some samples, like those documented in early EDRKillShifter research, require a 64-character password supplied on the command line before they will execute, which gates the binary against sandbox analysis. The loader unpacks its real payload in memory using self-modifying code. - Vulnerable driver drop
The loader carries a legitimate Microsoft-signed driver embedded in its .data section, writes the driver to disk, and installs it as a service. Because the driver is signed and recognized by Windows code integrity, the operating system accepts it. Independent Gentlemen analysis found eight separate vulnerable drivers wrapped across one variant family, so patching any single driver gives only a temporary reprieve. - Kernel exploitation
The loader interacts with its driver through standard DeviceIoControl calls. Each driver exposes IOCTLs that, in combination, allow arbitrary kernel reads, writes, or direct process termination. Public proof-of-concept exploits already on GitHub give the developer the kernel primitives without needing to write new exploitation code. - EDR termination
Once kernel privileges are confirmed, the killer enumerates a hardcoded list of EDR product names, service names, driver names, and process names, and tears each one down. It either terminates each running process directly, unloads the EDR’s own kernel driver, deletes service registry keys to prevent restart, or all three. - Pre-encryption runway
The affiliate then proceeds with the rest of the playbook: enumeration, data staging, exfiltration, then encryption. The window from agent disable to file encryption is frequently under sixty minutes, as the March report noted.
What Security Teams Should Do Now
The defensive answer is layered, and most of it leans on Windows-native controls organizations already own but have not enforced.
Start with hypervisor-protected code integrity. HVCI verifies kernel code before execution and enforces Microsoft’s driver blocklist. On Windows 11 22H2 and later both ship enabled by default, but third-party drivers and older software frequently push administrators to disable them.Â
Audit the fleet for HVCI state and turn it back on wherever it has been silently disabled. Where the workload permits, Windows Defender Application Control can move the posture from a blocklist to a strict allowlist for kernel-mode code, which eliminates the BYOVD step entirely.
Tamper protection on the endpoint agent should be enforced through console-side policy rather than per-host configuration, and telemetry should stream off-host to a SIEM with sub-minute latency. Events already streamed off-endpoint are out of the killer’s reach. Any gap in that stream should be treated as a first-class detection, with a five-minute threshold fast enough to catch most operators before encryption begins.
The reality, however, is that even a fully hardened EDR posture has gaps. Driver allowlisting breaks too many legitimate workflows in some environments, HVCI requires hardware features that older fleets lack, and a sufficiently customized polymorphic killer using a less-publicized driver will bypass the signature layer entirely. That gap is what the EDR killer marketplace is selling into.
The Most Frequently Asked Questions
Share This Story, Choose Your Platform!
Related Posts
How EDR Killers Work: BYOVD, Kernel Access, And The Pre-Encryption Window
EDR killers now sell as SaaS-style products with dashboards and credit balances. Here's how the market works and what to harden first.
BlackFog Receives 2026 AI in Cybersecurity Innovation Award from TMCnet
BlackFog wins the 2026 TMC AI in Cybersecurity Innovation Award for ADX Protect, recognizing innovation in preventing data exfiltration and AI threats.
The State of Ransomware: June 2026
BlackFog's state of ransomware June 2026 measures publicly disclosed and non-disclosed attacks globally.
What Is Shadow AI And How Does It Differ From Other AI Types?
What is Shadow AI, why is it growing in the workplace and how does it differ from enterprise AI systems?
Are There Best Practices For Protecting Sensitive Information When Using AI Chatbots?
How can employees safely use AI chatbots at work without exposing sensitive business information?
How Do Different AI Chatbot Platforms Address Security And Privacy Issues?
How do leading AI chatbot platforms compare on security and privacy and what should enterprises look for when choosing a tool?





