In a newly detected attack campaign, the attackers behind RobbinHood use legitimate, digitally signed hardware drivers to delete security tools on target machines before encrypting files. These attacks exploit known vulnerability CVE-2019-19320, report Sophos researchers who investigated two attacks employing this technique. The flaw exists in a signed driver that is part of a now-deprecated software package published by Taiwanese motherboard manufacturer Gigabyte. The company later rescinded its statement that its products weren’t affected by the flaws.”]