Trend Micro revealed that the BlackCat ransomware group is using a signed kernel driver for evasion tactics. The driver was utilized in conjunction with a separate user client executable, with the intention of manipulating, pausing, and terminating specific processes associated with the security on the targeted endpoints. Windows admins must ensure that ‘Driver Signature Enforcement’ is enabled.