Ransomware-wielding attackers have devised a novel tactic for disabling security protections that might get in their way: they are using a deprecated, vulnerable but signed driver to deliver a malicious, unsigned one that allows them to kill processes and files belonging to Windows endpoint security products.

Disabling security solutions

The tactic, as described by Sophos researchers, is used by attackers to deliver the RobbinHood ransomware – infamous for hitting the City of Baltimore and many …
The post Ransomware uses vulnerable, signed driver to disable endpoint security appeared first on Help Net Security.