Security · 1h ago
'GodDamn' Ransomware Uses Signed Microsoft Driver to Disable Defenses
A new ransomware strain called 'GodDamn' uses a bring-your-own-vulnerable-driver (BYOVD) attack to disable security software on targeted systems. The malicious driver was co-signed by Microsoft, allowing it to bypass kernel protections. The campaign has hit multiple US companies, leveraging the signed driver to kill endpoint detection and response tools before deploying ransomware.
Meridian48 take
The attack underscores how code-signing trust can be weaponized; Microsoft's signing process failed to catch the malicious intent, raising questions about driver validation rigor.
ransomwarebyovd