Ransomware Exploits GIGABYTE Driver to Kill AV Processes

[correlate]

[correlate]

Level 18
Thread author
Top Poster
Well-known
May 4, 2019
801
Content source
https://www.bleepingcomputer.com/news/security/ransomware-exploits-gigabyte-driver-to-kill-av-processes/
The attackers behind the RobbinHood Ransomware are exploiting a vulnerable GIGABYTE driver to install a malicious and unsigned driver into Windows that is used to terminate antivirus and security software.

When performing a network-wide compromise, ransomware attackers need to push out a ransomware executable as quickly as possible and to as many systems as they can to avoid being detected.

One protection that can get in their way of a successful attack, though, is antivirus software running on a workstation that removes the ransomware executable before it can be executed.
Click to expand...
Ransomware Exploits GIGABYTE Driver to Kill AV Processes
 
  • Like
  • +Reputation
Reactions: kevinssi, bribon77, AlexCa and 10 others
Solarquest

Solarquest

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 22, 2014
2,525
  • Like
  • Wow
  • +Reputation
Reactions: Zartarra, bribon77, ctm_rookie and 5 others
Sampei Nihira

Sampei Nihira

Level 6
Verified
Well-known
Dec 26, 2019
287
Solarquest said:
news.sophos.com

Living off another land: Ransomware borrows vulnerable driver to remove security software

Sophos has been investigating two different ransomware attacks where the adversaries deployed a legitimate, digitally signed hardware driver in order to delete security products from the targeted c…
news.sophos.com news.sophos.com
Last 3 IOC still have no or low detection on VT.

VirusTotal

VirusTotal
www.virustotal.com www.virustotal.com

VirusTotal

VirusTotal
www.virustotal.com www.virustotal.com

VirusTotal

VirusTotal
www.virustotal.com www.virustotal.com
Click to expand...

I don't know if you recognized one of the authors.
Mark Loman, one of the Loman brothers who developed HitmanPA and HP.(y);)
This malware is also not designed to run with W.XP.
 
  • Like
  • +Reputation
Reactions: [correlate], catjc, bribon77 and 1 other person
You must log in or register to reply here.

Similar threads

silversurfer
    • Like
    • +Reputation
    • Wow
Malware News Kasseika Ransomware Using BYOVD Trick to Disarms Security Pre-Encryption
Replies
1
Views
1,086
Security News
Gandalf_The_Grey
Gandalf_The_Grey
Gandalf_The_Grey
    • Wow
    • Like
    • HaHa
Ransomware gangs abuse Process Explorer driver to kill security software
Replies
15
Views
2,361
News Archive
Trident
Trident
[correlate]
    • Like
    • +Reputation
Security News Windows CLFS and five exploits used by ransomware operators
Replies
0
Views
851
Security News
[correlate]
[correlate]

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top