
Ransomware can now borrow a vulnerable driver to attack your system


Submitted by • February 19, 2020 www.cybersecasia.net

"This novel approach exploits vulnerabilities in legitimate Microsoft-co-signed drivers to compromise the kernel and then disarm any security software. On 6 Feb, they were found to have used a Microsoft co-signed third party driver to patch the Windows kernel in-memory, load their own unsigned malicious driver, and take out security applications from kernel space. RobbinHood ransomware comes with both a vulnerable driver and a malicious driver that has the sole purpose to take out defenses. The malicious driver contains only code to kill, nothing else.

So even if you have a fully patched Windows computer with no known vulnerabilities, the ransomware provides the attackers with one that lets them destroy your defenses as a precursor to the ransomware attack. «Our analysis of the two ransomware attacks shows how rapidly and dangerously the threat continues to evolve. This is the first time we have seen ransomware bring its own legitimately signed, albeit vulnerable, third-party driver t
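The excerpt describes a driver-abuse pattern in which a legitimately signed third-party driver is loaded first and then used to load unsigned code into the kernel. A first defensive check is simply knowing which drivers are running in the kernel and who signed them. The following PowerShell script is an added example, not code from the article or from the vendor it quotes; it assumes an elevated Windows PowerShell session and uses only built-in cmdlets (Get-CimInstance, Get-AuthenticodeSignature). The path normalisation rules and the output format are this example's own choices.

```powershell
# Added example (not from the article): inventory running kernel drivers and
# check their Authenticode signatures, as a triage baseline for spotting an
# unsigned or unexpected third-party driver of the kind the article describes.
# Assumes an elevated Windows PowerShell session.

function Resolve-DriverPath {
    param([string]$RawPath)
    if ([string]::IsNullOrWhiteSpace($RawPath)) { return $null }
    $p = $RawPath.Trim('"')
    # Service image paths come in several kernel-style forms; map them to Win32 paths.
    $p = $p -replace '^\\\?\?\\', ''                            # \??\C:\... -> C:\...
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"      # \SystemRoot\... -> C:\Windows\...
    $p = $p -replace '^System32\\', "$env:SystemRoot\System32\" # System32\... (relative form)
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-DriverSignatureReport {
    # One row per running kernel driver: name, resolved path, signature status, signer.
    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.State -eq 'Running' } |
        ForEach-Object {
            $path = Resolve-DriverPath $_.PathName
            $sig = if ($path -and (Test-Path -LiteralPath $path)) {
                Get-AuthenticodeSignature -FilePath $path
            } else { $null }
            $signer = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            [pscustomobject]@{
                Name       = $_.Name
                Path       = $path
                Status     = if ($sig) { $sig.Status.ToString() } else { 'FileNotFound' }
                Signer     = $signer
                # Non-Microsoft code running in ring 0 is the review set: a legitimately
                # co-signed but vulnerable driver still reports 'Valid' here.
                ThirdParty = ($signer -notmatch 'Microsoft')
            }
        }
}

$report = Get-DriverSignatureReport

"Drivers whose signature is not valid (unsigned, tampered, or file not found):"
$report | Where-Object { $_.Status -ne 'Valid' } |
    Format-Table Name, Status, Path -AutoSize

"Third-party signed drivers loaded in the kernel (compare against an allow-list):"
$report | Where-Object { $_.Status -eq 'Valid' -and $_.ThirdParty } |
    Format-Table Name, Signer, Path -AutoSize
```

Two caveats when reading the output. First, some inbox drivers are signed only through a catalog rather than an embedded signature, so a "NotSigned" entry is a triage lead, not a verdict. Second, and more to the article's point, a signature check cannot distinguish a vulnerable-but-signed driver from a benign one; that is exactly why the second list exists. The value of this report is in comparing the third-party set against what is expected on the host, and in watching for a driver that appears shortly before security tooling stops reporting.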
