Security company GuidePoint Security has published a report warning that hackers can effectively bypass Microsoft Defender to install and deploy Akira ransomware.
This is done by exploiting a vulnerable driver called rwdrv.sys, which is a legitimate driver used by an Intel CPU tuning tool called ThrottleStop. By exploiting this driver, a hacker can gain kernel-level access to the PC.
With kernel-level access, the hacker can then load their own malicious driver—in this case, hlpdrv.sys, which modifies the Windows Registry and causes Microsoft Defender to disable its protective measures.
This two-punch approach has been flagged by GuidePoint Security as the deployment method for Akira ransomware attacks, which have been ongoing since July of this year.
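For defenders, the chain described above (rwdrv.sys loads, hlpdrv.sys loads, then a registry change touching Microsoft Defender) can be turned into an ordered correlation rule. The Python below is an added example, not code from GuidePoint's report or this article; the Sysmon-style event layout, the Defender key locations, the 10-minute window and the sample events are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed Sysmon-style events (ID 6 = driver loaded, 13 = registry value
# set). Hosts, paths and timestamps are invented for this example.
EVENTS = [
    {"host": "ws01", "time": "2025-01-01T10:00:00", "id": 6,
     "ImageLoaded": r"C:\Users\a\AppData\Local\Temp\rwdrv.sys"},
    {"host": "ws01", "time": "2025-01-01T10:00:40", "id": 6,
     "ImageLoaded": r"C:\Users\a\AppData\Local\Temp\hlpdrv.sys"},
    {"host": "ws01", "time": "2025-01-01T10:01:05", "id": 13,
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware"},
    {"host": "ws02", "time": "2025-01-01T11:00:00", "id": 6,
     "ImageLoaded": r"C:\Program Files\ThrottleStop\rwdrv.sys"},
]

STAGES = ("rwdrv.sys", "hlpdrv.sys", "defender_reg")  # order from the article
# Assumption: the article names no key; these are Defender's standard locations.
DEFENDER_KEYS = (r"hklm\software\policies\microsoft\windows defender",
                 r"hklm\software\microsoft\windows defender")
WINDOW = timedelta(minutes=10)  # assumed correlation window

def classify(ev):
    """Map an event to a stage of the chain, or None if unrelated."""
    if ev["id"] == 6:
        name = ev["ImageLoaded"].lower().rsplit("\\", 1)[-1]
        return name if name in STAGES[:2] else None
    if ev["id"] == 13 and ev["TargetObject"].lower().startswith(DEFENDER_KEYS):
        return "defender_reg"
    return None

def detect(events):
    """Return {host: 'high' | 'review'}; 'high' = full chain in order in WINDOW."""
    state, alerts = {}, {}
    for ev in sorted(events, key=lambda e: e["time"]):
        stage, host = classify(ev), ev["host"]
        if stage is None:
            continue
        now = datetime.fromisoformat(ev["time"])
        idx, start = state.get(host, (0, now))
        if idx and now - start > WINDOW:
            idx = 0  # partial chain went stale, start over
        if stage == STAGES[idx]:
            start, idx = (now if idx == 0 else start), idx + 1
        if idx == len(STAGES):
            alerts[host], idx = "high", 0
        elif stage != "defender_reg":
            alerts.setdefault(host, "review")  # a named driver seen on its own
        state[host] = (idx, start)
    return alerts
```

A host with only rwdrv.sys is rated "review" rather than "high" because, as the article notes, the driver also ships with the legitimate ThrottleStop tool.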
To stay protected, make sure you’re using reputable antivirus software on your Windows PC and keep it up to date at all times. Regular updates help ensure that your system has the latest malware definitions as new threats are discovered and flagged.
Further reading: How much antivirus protection do you really need?