Researchers studying cybersecurity have revealed information about the Reynolds family of emerging ransomware, which has an integrated bring your own vulnerable driver (BYOVD) component in the ransomware payload itself for defense evasion This article explores ransomware reynolds. . The term "BYOVD" describes an adversarial technique that uses valid but defective driver software to elevate privileges and turn off Endpoint Detection and Response (EDR) programs, allowing malicious activity to remain undetected.

Over the years, numerous ransomware groups have adopted the tactic. The strategy of including a defense evasion component in the ransomware payload is not new, according to Broadcom's cybersecurity teams, who pointed out that it was seen in a Ryuk ransomware attack in 2020 and in an incident involving the less well-known Obscura ransomware family in late August 2025.

The ransomware in the Reynolds campaign is made to stop processes linked to different security programs from Avast, CrowdStrike Falcon, Palo Alto Networks Cortex XDR, Sophos (along with HitmanPro.Alert), and Symantec Endpoint Protection, among others, and to drop a vulnerable NsecSoft NSecKrnl driver. By taking advantage of a flaw in VMmanager's default Windows templates that reuse the same static hostname and system identifiers each time they are deployed, it is estimated that bulletproof hosting companies are renting ISPsystem virtual machines to other criminal actors for use in ransomware operations and malware delivery. Threat actors can then create thousands of virtual machines (VMs) with the same hostname, making takedown attempts more difficult.

As part of the ongoing professionalization of ransomware operations, DragonForce has developed a "Company Data Audit" service to assist affiliates during extortion campaigns. According to LevelBlue, "the audit includes a detailed risk report, prepared communication materials, such as executive-level letters and call scripts, and strategic guidance designed to influence negotiations." As a cartel, DragonForce gives affiliates the freedom to establish their own brands while working under its auspices and using its tools and resources.