
Ransomware Hackers Continue to Evolve

A new hacking tactic has surfaced, and it is infecting PCs at an alarming rate. Ransomware “gangs” have begun using device drivers to infect PCs. Currently, they are abusing a GIGABYTE driver to infiltrate networks. GIGABYTE is a leading computer hardware company that builds motherboards, graphics cards, and more; chances are you have a piece of GIGABYTE hardware in your PC right now. Unfortunately, instead of releasing a patch for the vulnerability in the driver, GIGABYTE maintained that its products were unaffected.

The hackers use the GIGABYTE driver to gain kernel-level access to PCs and disable security products so that their actions remain hidden. With those security products running, the hackers would not be able to operate on the PCs as easily.

A security company has recently published the steps of the new tactic.**

  1. Ransomware gang gets a foothold on a victim’s network.
  2. Hackers install legitimate Gigabyte kernel driver GDRV.SYS.
  3. Hackers exploit a vulnerability in this legitimate driver to gain kernel access.
  4. Attackers use the kernel access to disable the Windows OS driver signature enforcement temporarily.
  5. Hackers install a malicious kernel driver named RBNL.SYS.
  6. Attackers use this driver to disable or stop antivirus and other security products running on an infected host.
  7. Hackers execute the RobbinHood* ransomware and encrypt the victim’s files.

As a result of the attack, the victim’s files are encrypted and inaccessible.
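The chain above leaves a distinctive trace on a host: a legitimate but exploitable driver (GDRV.SYS) loads, and shortly afterwards a driver that would normally be refused (RBNL.SYS, or any unsigned driver, since signature enforcement was switched off in step 4) loads on the same machine. The following is an added example, not code from the original post or from the security company it cites, that runs that detection logic over constructed Sysmon-style “Driver loaded” (Event ID 6) records; the host names, timestamps, paths and the key=value line format are all assumptions made for the sample.

```python
"""Flag the driver-load sequence described above in constructed
Sysmon-style 'Driver loaded' (Event ID 6) records."""
import re
from collections import defaultdict

# Driver names come from the attack chain described above.
KNOWN_VULNERABLE = {"gdrv.sys"}   # legitimate but exploitable (step 2)
KNOWN_MALICIOUS = {"rbnl.sys"}    # the attackers' own driver (step 5)

# Constructed sample data, not real telemetry.
SAMPLE_LOG = """\
host=WS01 time=2020-02-06T10:00:01Z image=C:\\Windows\\System32\\drivers\\tcpip.sys signed=true status=Valid
host=WS01 time=2020-02-06T10:04:12Z image=C:\\Windows\\Temp\\gdrv.sys signed=true status=Valid
host=WS01 time=2020-02-06T10:04:15Z image=C:\\Windows\\Temp\\rbnl.sys signed=false status=Unavailable
host=WS02 time=2020-02-06T10:05:00Z image=C:\\Windows\\System32\\drivers\\afd.sys signed=true status=Valid
host=WS03 time=2020-02-06T10:06:00Z image=C:\\Users\\Public\\gdrv.sys signed=true status=Valid
host=WS03 time=2020-02-06T10:06:30Z image=C:\\Users\\Public\\helper.sys signed=false status=Unavailable
"""

LINE_RE = re.compile(r"host=(\S+) time=(\S+) image=(\S+) signed=(\S+) status=(\S+)")


def parse(log_text):
    """Turn each key=value line into a dict; lines that do not match are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            host, time, image, signed, status = m.groups()
            events.append({"host": host, "time": time, "image": image,
                           "name": image.rsplit("\\", 1)[-1].lower(),
                           "signed": signed.lower() == "true", "status": status})
    return events


def find_byovd_chains(events):
    """Return {host: [alert, ...]} for hosts showing the driver-abuse sequence."""
    alerts = defaultdict(list)
    vuln_loaded = set()  # hosts on which a known vulnerable driver has already loaded
    for ev in sorted(events, key=lambda e: e["time"]):
        host, name = ev["host"], ev["name"]
        if name in KNOWN_VULNERABLE:
            vuln_loaded.add(host)
            alerts[host].append(f"known vulnerable driver loaded: {ev['image']}")
        if name in KNOWN_MALICIOUS:
            alerts[host].append(f"known malicious driver loaded: {ev['image']}")
        elif host in vuln_loaded and not ev["signed"]:
            # An unsigned driver loading at all implies signature enforcement
            # was disabled (step 4), even if the driver's name is unknown.
            alerts[host].append(f"unsigned driver after vulnerable driver: {ev['image']}")
    return dict(alerts)
```

The same two rules (known driver names, plus any unsigned load following a known vulnerable one) apply unchanged to real Sysmon Event ID 6 fields (ImageLoaded, Signed, SignatureStatus).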

*RobbinHood is ransomware for which no public decryption key is currently available. Without that key, there are very few ways to restore the data unless the affected users pay for the attackers’ private key.

However, that does not mean that our security experts are unable to crack it. In these perilous times of technological warfare, it is essential to get a security assessment. Contact CoreRecon to ensure that your network and your company remain safe during this dangerous time. Please don’t wait until it’s too late; call 3612483248 for more information on our cybersecurity services.

Twitter: @Corerecon



**More information on new hacking tactic:
