GodDamn ransomware blinds defences before encrypting networks
A newly identified ransomware operation is using a Microsoft-signed malicious driver to disable cybersecurity protections before encrypting files, exposing a dangerous weakness in the trust mechanisms underpinning Windows systems. The malware, named GodDamn, deploys the PoisonX kernel driver to terminate antivirus and endpoint detection and response processes. Kernel-level access gives the driver extensive control over an infected computer, allowing attackers to neutralise defensive software that might otherwise […]



