Threat actors breached a network via compromised SonicWall SSLVPN credentials and deployed a sophisticated EDR killer to blind endpoint security prior to a planned ransomware deployment. The malware utilizes a Bring Your Own Vulnerable Driver (BYOVD) technique, dropping a revoked EnCase forensic driver encoded with a novel wordlist substitution cipher to terminate 59 different security processes directly from kernel mode.