Security · 2h ago
GodDamn Ransomware Uses Kernel Driver to Disable Security Tools
A new ransomware family called GodDamn uses the PoisonX kernel driver to disable endpoint defenses. First spotted on May 21, 2026, it is believed to be a rebrand of Beast ransomware. Symantec researchers warn the driver-based evasion makes it particularly dangerous.
Meridian48 take
The use of a kernel driver to kill security software is a significant escalation, but calling it a 'rebrand' suggests the novelty may be limited to the evasion technique.
Read the full reporting
GodDamn Ransomware Uses PoisonX Driver to Disable Endpoint Defenses →
The Hacker News
ransomwarekernel-driver