Cybersecurity experts warn computer users about a new ransomware that exploits vulnerabilities in affected devices.
British cybersecurity company Sophos discovered that the attackers behind two recent cyber cases using RobbinHood malware had a unique way of circumventing antivirus software to ensure ransomware caused the most damage to the system.
The strategy of hackers is as follows:
- First, cyber attackers have access to the victim’s network.
- Next, hackers install a gigabyte hardware driver, GDRV.SYS, on the device.
- Ransomware players exploit a vulnerability in the GDRV.SYS driver to access the kernel, then use the access to temporarily disable the application of the Windows operating system driver signature.
- Next, hackers install a malicious kernel driver called RBNL.SYS. This allows them to disable or stop antivirus and other security products.
- Once the path is free of security barriers, hackers run RobbinHood ransomware.
- ZDNet has reported that this antivirus bypass technique works on Windows 7, Windows 8, and Windows 10 pro retail pc key.
Gigabyte said two years ago that its products were not being exploited, even after security researchers discovered the vulnerability revealed the details of the susceptibility to raise awareness. ZDNet said the researchers’ information, particularly its proof of concept code that reproduces RobbinHood attackers, used the vulnerability.
Public pressure finally reached the gigabytes to solve the problem, but instead of launching a patch to correct the exploit, the company decided to stop the pilot.
However, although no longer used, Sophos discovered that the controller can be used by those who still have a copy.
In today’s information society, computers will inevitably be attacked by viruses and even hackers. To effectively avoid this situation, it is essential to install antivirus software on the computer. On bzfuture, you can also get Microsoft windows 10 pro retail cd key when you buy any antivirus software in the “antivirus authorized key promo” activities. Are you interested?