Get a Pentest and security assessment of your IT network.

Cyber Security

Ransomware Exploits GIGABYTE Driver to Kill AV Processes

RobbinHood Ransomware attackers are exploiting a vulnerable GIGABYTE driver to install a malicious and unsigned driver into Windows that is used to terminate antivirus and security software. The attackers are using a custom antivirus killing package that is pushed out to workstations to prepare the payload for encryption. The attack starts with the operators deploying an executable named Steel.exe to exploit the CORE-2018-0007 vulnerability in the GIBYTE gdrv.sys driver. Steel.EXE extracts the ROBNREXE executable to the C:WindowsTemp folder.

Source: https://www.bleepingcomputer.com/news/security/ransomware-exploits-gigabyte-driver-to-kill-av-processes/

Related posts
Cyber Security

Zip Codes & PII: Are They Personal Data?

Cyber Security

Zero-Day Vulnerabilities: User Defence Guide

Cyber Security

Zero Knowledge Voting with Trusted Server

Cyber Security

ZeroNet: 51% Attack Risks & Mitigation