News

Hackers exploit hole in vulnerable but digitally signed Gigabyte driver

By admin
Spread the love

A new ransomware uses a vulnerable Gigabyte driver that is still digitally signed and therefore easy to install. The malware then installs a second driver that disables security software, after which encryption begins.

This is a driver whose privilege escalation vulnerability already came to light in 2018, but which, according to security company Sophos, is still digitally signed by Verisign. It is not clear why this vulnerable driver, which is no longer in use, is still digitally signed.

The malware installs the vulnerable Gigabyte driver without any ifs or buts thanks to the certification, that custom driver disables Windows driver signature verification, to make way for a second driver, which aims to search for existing security software and disable it. switch. Then comes the actual ransomware attack.

The ransomware, called RobbinHood, claims to encrypt the victim’s files with an rsa-4096 cypher. An unknown amount is requested and stated that this amount will be increased by $10,000 every day after four days.

According to Sophos, it is the first time that they have seen a ‘legitimate’ driver being misused in this way to attack the system from kernel space. The attack would work on Windows 7, 8 and 10.

You might also like
News

Rumor: Apple is working on its own applications based on a large language model

News

EU Council determines position on security requirements for digital products

News

Citrix warns of critical vulnerability in NetScaler ADC and Gateway

News

Samsung develops first GDDR7 chips, mentions bandwidths of up to 32Gbit/s per pin

News

Meta introduces open source language model Llama 2, works on PCs and phones

News

Logitech acquires stream controller maker Loupedeck