Get a Pentest and security assessment of your IT network.

News

RobbinHood ransomware exploit GIGABYTE driver flaw to kill security software

Cybercriminals behind RobbinHood Ransomware are exploiting a vulnerable GIGABYTE driver to install a malicious and unsigned driver into Windows with the intent of disabling security products. The operators use a known vulnerability to disable Microsofts driver signature enforcement feature. The technique consists in: Attackers install legitimate Gigabyte kernel driver GDRV.SYS to gain kernel access. Attackers use this driver to disable security products and kill processes and files belonging to endpoint security products, bypassing tamper protection, to enable the ransomware to attack without interference.”]

Source: https://securityaffairs.co/wordpress/97457/malware/robbinhood-ransomware-gigabyte-driver.html

Related posts
News

Ashley Madison 2.0 Hackers Leak 20GB Data Dump, Including CEO's Emails

News

Art of Twitter account hacking

News

Botnet authors use Evernote account as C&C Server

News

Canadian agency breached as hackers exploit CVE-2017-5638 flaw in Apache Struts 2