A common adversary technique is Disabling Security Tools (MITRE ATT&CK T1089). There are multiple documented cases, including Agent Tesla, Brave Prince, DarkComet, and Gold Dragon, just to name a few. When your endpoint security software (AV, NGAV, EDR, PAM, etc.) is disabled, the adversary has free, undetected rein over your system, can easily ransom your data or exfiltrate it without your knowledge, and can wipe every trace of what they did.
Relying solely on security software is insufficient against such attacks. Hardware integration is the only reliable mitigation.
K2 and Everest have special Cigent-proprietary firmware that tethers to the D3E agent. D3E pings the drive at intervals as short as milliseconds so the drive can verify that the agent is still running. If D3E does not ping within the allotted interval, the drive completely cuts off access to the protected data. D3E can also be configured to verify that other security agents, such as Windows 10 Security and other NGAV/EDR/PAM tools, are running, and to protect the data if they are not.
Because the locking is done in firmware, the data is protected not only from any OS-based attack but also from other compromised PC components (such as BIOS, CSME, NIC, etc.), and it stays protected even if the drive is removed and booted from a different PC.
Once the security software is back up and running and the threat is cleared, D3E unlocks the data and makes it accessible again, never having allowed the data to be at risk of theft, ransom, corruption, deletion, etc.
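The lock and unlock behaviour described above can be modelled as a small heartbeat state machine. This is an added, simplified illustration, not Cigent firmware or the D3E API; the class, method names, 100 ms interval and agent labels are all hypothetical, and the timeline is constructed.

```python
from dataclasses import dataclass, field

@dataclass
class DriveLockModel:
    """Hypothetical drive-side state; times are milliseconds supplied by the caller."""
    interval_ms: int
    required_agents: frozenset
    last_ping_ms: int = 0
    locked: bool = False
    events: list = field(default_factory=list)

    def _lock(self, now_ms, reason):
        if not self.locked:
            self.locked = True
            self.events.append((now_ms, "lock: " + reason))

    def tick(self, now_ms):
        """Timer check on the drive: lock when the heartbeat is overdue."""
        if now_ms - self.last_ping_ms > self.interval_ms:
            self._lock(now_ms, "heartbeat missed")
        return self.locked

    def ping(self, now_ms, running_agents, threat_cleared=True):
        """Heartbeat from the agent, listing the security tools it sees running."""
        self.tick(now_ms)  # a late ping must not hide an interval that already lapsed
        self.last_ping_ms = now_ms
        missing = self.required_agents - set(running_agents)
        if missing:
            self._lock(now_ms, "agent down: " + ",".join(sorted(missing)))
        elif self.locked and threat_cleared:
            self.locked = False
            self.events.append((now_ms, "unlock"))
        return self.locked

    def read_protected(self, now_ms):
        if self.tick(now_ms):
            raise PermissionError("protected data locked")
        return b"constructed sample data"

def run_constructed_timeline():
    """Constructed scenario: agent killed, restored, then a second tool disabled."""
    drive = DriveLockModel(interval_ms=100, required_agents=frozenset({"d3e", "edr"}))
    both = {"d3e", "edr"}
    drive.ping(50, both)                         # healthy heartbeat
    drive.tick(250)                              # agent killed: no ping for 200 ms
    drive.ping(260, both, threat_cleared=False)  # agent back, threat still present
    drive.ping(270, both)                        # threat cleared: unlock
    drive.ping(300, {"d3e"})                     # other tool disabled: lock again
    return drive.events
```

The point the model makes concrete is that the lock decision is taken on the drive's side of the interface, so killing the agent produces a lock rather than preventing one.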