Cybercriminals behind RobbinHood Ransomware are exploiting a vulnerable GIGABYTE driver to install a malicious and unsigned driver into Windows with the intent of disabling security products. The operators use a known vulnerability to disable Microsofts driver signature enforcement feature. The technique consists in: Attackers install legitimate Gigabyte kernel driver GDRV.SYS to gain kernel access. Attackers use this driver to disable security products and kill processes and files belonging to endpoint security products, bypassing tamper protection, to enable the ransomware to attack without interference.”]
Source: https://securityaffairs.co/wordpress/97457/malware/robbinhood-ransomware-gigabyte-driver.html

