GodDamn Ransomware Uses PoisonX Driver to Disable Endpoint Defenses
Summary
A new ransomware family named GodDamn has been identified by cybersecurity researchers, utilizing the PoisonX kernel driver to disable endpoint security measures. This tactic is employed to evade detection and facilitate its attacks. The ransomware was first observed in the wild on May 21, 2026, and is believed to be a rebranded version of the Beast ransomware.
IFF Assessment
The development and deployment of new ransomware that actively disables security defenses represent a significant threat to organizations and individuals.
Defender Context
This highlights a growing trend of ransomware actively targeting and disabling security software through sophisticated kernel-level techniques. Defenders should be aware of kernel drivers used for defense evasion and ensure their endpoint detection and response (EDR) solutions have robust protections against such attacks.