


Perceptive Security
SOC/SIEM Consultancy

Ransomware gangs turn to Shanya EXE packer to hide EDR killers
Published:
9 December 2025 at 00:00:05
Alert date:
9 December 2025 at 00:00:38
Source:
bleepingcomputer.com
Multiple ransomware groups are using Shanya, a packer-as-a-service (PaaS) platform, to obfuscate and hide tools that kill EDR (endpoint detection and response) products. This reflects a concerning trend in which ransomware operators rely on commercial services to evade security defenses. Packing lets attackers disguise malicious payloads and bypass the detection mechanisms that would normally identify and block EDR termination attempts. Neutralizing endpoint security before encryption begins significantly increases the likelihood of a successful ransomware deployment.
Technical details
Mitigation steps:
Affected products:
EDR Solutions
Related links:
Related CVEs:
Related threat actors:
IOCs:
This article was created with the assistance of AI technology by Perceptive.
