'GodDamn' Ransomware Uses BYOVD to Smite US Companies
Summary
The 'GodDamn' ransomware is employing a Bring Your Own Vulnerable Driver (BYOVD) technique to disable security software on US companies' systems. This method leverages a legitimate, but vulnerable, driver that has been maliciously co-signed by Microsoft to gain kernel-level access and bypass defenses.
IFF Assessment
FOE
The use of BYOVD to disable security software is a significant threat to defenders, allowing ransomware to operate with fewer obstacles.
Defender Context
Defenders should be aware of the BYOVD technique and the risk posed by attackers compromising or abusing legitimate signed drivers. Monitoring for unusual driver activity and ensuring robust endpoint detection and response (EDR) capabilities are crucial.