'GodDamn' Ransomware Uses BYOVD to Smite US Companies

Summary

The 'GodDamn' ransomware is employing a Bring Your Own Vulnerable Driver (BYOVD) technique to disable security software on US companies' systems. This method leverages a legitimate, but vulnerable, driver that has been maliciously co-signed by Microsoft to gain kernel-level access and bypass defenses.

IFF Assessment

FOE

The use of BYOVD to disable security software is a significant threat to defenders, allowing ransomware to operate with fewer obstacles.

Defender Context

Defenders should be aware of the BYOVD technique and the risk posed by attackers compromising or abusing legitimate signed drivers. Monitoring for unusual driver activity and ensuring robust endpoint detection and response (EDR) capabilities are crucial.

Read Full Story →