Security researchers observed the RobbinHood ransomware family abusing a vulnerable driver to delete security products before initiating its encryption routine. The threat abused CVE-2018-19320 in a signed Gigabyte driver to circumvent security products on an infected machine. This technique allowed the ransomware to load its unsigned driver and use it to kill security processes listed in a PLIST.TXT file. As of this post, the driver was still available, and Verisign had not revoked the certificate used for the driver.
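For defenders, the sequence described above (a signed but vulnerable driver loading, then an unsigned driver loading on the same host) can be correlated in driver-load telemetry. The following Python is an added example, not code from the researchers' report; the event fields are modelled on Sysmon Event ID 6, and the hosts, paths, hash values and ten-minute window are constructed assumptions.

```python
from datetime import datetime, timedelta

# Hashes of signed drivers known to be vulnerable. The value below is a
# placeholder; the report summarised here does not list a hash.
WATCHLIST = {"PLACEHOLDER_VULN_DRIVER_SHA256"}

# Constructed driver-load events (fields modelled on Sysmon Event ID 6).
EVENTS = [
    {"host": "ws-01", "time": "2020-01-01T10:00:05", "signed": True,
     "image": r"C:\Windows\Temp\vuln_signed.sys", "sha256": "PLACEHOLDER_VULN_DRIVER_SHA256"},
    {"host": "ws-01", "time": "2020-01-01T10:00:40", "signed": False,
     "image": r"C:\Windows\Temp\unsigned.sys", "sha256": "PLACEHOLDER_UNSIGNED_SHA256"},
    # Vulnerable driver present with its vendor utility, no follow-up load.
    {"host": "ws-02", "time": "2020-01-01T09:00:00", "signed": True,
     "image": r"C:\Program Files\Vendor\vuln_signed.sys", "sha256": "PLACEHOLDER_VULN_DRIVER_SHA256"},
    # Unsigned load long after the vulnerable driver: outside the window.
    {"host": "ws-03", "time": "2020-01-01T08:00:00", "signed": True,
     "image": r"C:\Windows\Temp\vuln_signed.sys", "sha256": "PLACEHOLDER_VULN_DRIVER_SHA256"},
    {"host": "ws-03", "time": "2020-01-01T09:30:00", "signed": False,
     "image": r"C:\Windows\Temp\other.sys", "sha256": "PLACEHOLDER_OTHER_SHA256"},
    # Ordinary signed driver that is not on the watchlist.
    {"host": "ws-01", "time": "2020-01-01T09:59:00", "signed": True,
     "image": r"C:\Windows\System32\drivers\ok.sys", "sha256": "PLACEHOLDER_OK_SHA256"},
]


def find_byovd_chains(events, watchlist, window=timedelta(minutes=10)):
    """Return (host, vulnerable_image, unsigned_image) for every unsigned
    driver load that follows a watchlisted signed driver load on the same
    host within `window`."""
    last_vuln = {}  # host -> (load time, image path) of latest watchlisted driver
    hits = []
    for ev in sorted(events, key=lambda e: e["time"]):
        t = datetime.fromisoformat(ev["time"])
        if ev["signed"] and ev["sha256"] in watchlist:
            last_vuln[ev["host"]] = (t, ev["image"])
        elif not ev["signed"]:
            seen = last_vuln.get(ev["host"])
            if seen and t - seen[0] <= window:
                hits.append((ev["host"], seen[1], ev["image"]))
    return hits


if __name__ == "__main__":
    for host, vuln, unsigned in find_byovd_chains(EVENTS, WATCHLIST):
        print(f"{host}: {vuln} loaded, then unsigned driver {unsigned}")
```

Because the certificate had not been revoked, signature validity alone does not flag the first driver; a hash watchlist of known-vulnerable drivers is what ties the two loads together.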

