Close Menu
  • Home
  • News
  • Cyber Security
  • Internet of Things
  • Tips and Advice

Subscribe to Updates

Get the latest creative news from FooBar about art, design and business.

What's Hot

NHS Warns Staff Over Unauthorized Access to Patient Data

July 11, 2026

Threat Actors Probe Gitea Docker Flaw CVE-2026-20896 13 Days After Disclosure

July 11, 2026

New Ransomware Exploits Malicious Driver to Remove Security Protection

July 11, 2026
Facebook X (Twitter) Instagram
Saturday, July 11
Facebook X (Twitter) Instagram Pinterest Vimeo
Cyberwire Daily
  • Home
  • News
  • Cyber Security
  • Internet of Things
  • Tips and Advice
Cyberwire Daily
Home»Cyber Security»New Ransomware Exploits Malicious Driver to Remove Security Protection
Cyber Security

New Ransomware Exploits Malicious Driver to Remove Security Protection

Team-CWDBy Team-CWDJuly 11, 2026No Comments2 Mins Read
Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
Share
Facebook Twitter LinkedIn Pinterest Email


The latest incarnation of a family of ransomware which has been hitting organizations since 2022 has evolved to exploit Microsoft-signed malicious drivers to prevent endpoint defenses from detecting and disrupting its attacks.

Detailed by cybersecurity researchers at Symantec, GodDamn ransomware first appeared in May 2026 and analysis of the code revealed that it is the newest iteration of Beast ransomware, itself is a rebrand of Monster ransomware which was first seen in 2022. All three forms of ransomware are part of a family which has been dubbed Hyadina.

In a blog post published on July 9, Symantec researchers said the attackers were spotted leveraging AnyDesk, a remote desktop application, which was hidden on the affected endpoint in a folder named ‘Music’ and made outbound connections to unknown IP addresses.

Researchers said it is unknown how the attackers gained initial access to the machine prior to this, but account compromise is a common starting point for ransomware attacks.

From here, the attackers used an executable file disguised as a Symantec product to drop PoisonX, a malicious kernel driver which carries a legitimate Microsoft Windows Hardware Compatibility Publisher signature into the system driver store and is used to terminate security product processes, further lowering the defenses of the system.

Read More: Why Ransomware Remains One of Cybersecurity’s Most Persistent and Costly Threats

It is not known how the signature was attained, but common methods of achieving this include usen stolen corporate identities to sign off the driver, or by attackers secretly exploiting legitimate third-party drivers.

With the defenses lowered, the attackers installed tools including NirSoft and Mimikatz, which are used to steal credentials, cookies, live network traffic and more, with the aim of finding means to gain further control over the machine and the wider network, including administrator accounts.

Finally, when enough control over accounts and systems had been gained, the attackers triggered GodDamn ransomware, encrypting the files and displaying a ransom note.

Researchers note that as the latest variant of ransomware from the Hyadina family, GodDamn demonstrates how ransomware operations continue to evolve their tools, tactics and procedures to ensure their attacks remain capable and effective.

“GodDamn’s use of the relatively newly discovered PoisonX malicious driver component represents an escalation in defensive evasion capability by this group, indicating that Hyadina is continuing to actively develop its ransomware and its capabilities,” said the Symantec and Carbon Black threat hunter team.



Source

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
Previous ArticleNew ‘GigaWiper’ Malware Combines Espionage & Destructive Capabilities
Next Article Threat Actors Probe Gitea Docker Flaw CVE-2026-20896 13 Days After Disclosure
Team-CWD
  • Website

Related Posts

Cyber Security

GhostApproval Flaw Hits Six Major AI Coding Assistants

July 9, 2026
Cyber Security

How Faster Cyber-Attacks Are Reshaping Cybersecurity Strategy

July 8, 2026
Cyber Security

Hackers Exploit Maximum Severity Adobe ColdFusion Flaw

July 7, 2026
Add A Comment
Leave A Reply Cancel Reply

Latest News

North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels

November 24, 202523 Views

macOS Stealer Campaign Uses “Cracked” App Lures to Bypass Apple Securi

September 7, 202517 Views

North Korean Hackers Target Crypto Firms with ClickFix and Zoom Lures

April 29, 202610 Views

Why SOC Burnout Can Be Avoided: Practical Steps

November 14, 20259 Views

Cyber M&A Roundup: Cyber Giants Strengthen AI Security Offerings

December 1, 20258 Views
Stay In Touch
  • Facebook
  • YouTube
  • TikTok
  • WhatsApp
  • Twitter
  • Instagram
Most Popular

North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels

November 24, 202523 Views

macOS Stealer Campaign Uses “Cracked” App Lures to Bypass Apple Securi

September 7, 202517 Views

North Korean Hackers Target Crypto Firms with ClickFix and Zoom Lures

April 29, 202610 Views
Our Picks

Why geopolitical turmoil is a gift for scammers, and how to stay safe

May 15, 2026

A stealthy RAT burrowing deep into Android devices

May 26, 2026

Fixing trivial passwords is as easy as 123456

May 7, 2026

Subscribe to Updates

Get the latest news from cyberwiredaily.com

Facebook X (Twitter) Instagram Pinterest
  • Home
  • Contact
  • Privacy Policy
  • Terms of Use
  • California Consumer Privacy Act (CCPA)
© 2026 All rights reserved.

Type above and press Enter to search. Press Esc to cancel.