Tag

Byovd

All articles tagged with #byovd

GodDamn Ransomware Uses Microsoft-Signed Kernel Driver to Blind EDR on 10 Hosts
technology1 day ago

GodDamn Ransomware Uses Microsoft-Signed Kernel Driver to Blind EDR on 10 Hosts

Security researchers report Hyadina’s GodDamn ransomware escalated with PoisonX, a purpose-built, Microsoft-signed kernel driver that terminates kernel callbacks to disable endpoint detection and response across at least 10 Windows hosts before encryption begins. The attack involved AnyDesk for initial access, credential harvesting, and PsExec for lateral movement, reflecting a Bring Your Own Vulnerable Driver (BYOVD) approach that leverages signing trust without behavioral review. Mitigations include enabling Hypervisor-Protected Code Integrity (HVCI), enforcing WDAC policies, applying driver block rules, and using behavioral detection (Sysmon Event ID 6, Code Integrity logs) alongside offline backups to recover from such incidents.

BYOVD Enables 54 EDR Killers to Undermine Defenses Ahead of Ransomware
security3 months ago

BYOVD Enables 54 EDR Killers to Undermine Defenses Ahead of Ransomware

An ESET study finds 54 EDR killer tools abuse Bring-Your-Own-Vulnerable-Driver (BYOVD) tactics across 34 signed drivers to gain kernel privileges, disable security tools, and pave the way for ransomware encryptors; actors range from closed ransomware groups and PoC tweakers to underground marketplace vendors, with some variants using scripting or driverless approaches. The report emphasizes the need for layered defenses and tighter monitoring of driver loading to disrupt attacks at multiple stages.