New RobbinHood Ransomware Taps a “Legitimate”, Signed Driver to Switch Off Security Tools


A ransomware strain dubbed “RobbinHood” is using a vulnerability in a “legitimate” and signed hardware driver to delete security products from targeted computers before encrypting users' files, according to security researchers at Sophos.

The ransomware exploits a known vulnerability in the driver from Taiwan’s GIGABYTE to subvert a setting in kernel memory in Windows 10, 8 and 7, meaning it “brings its own vulnerability” and can attack otherwise patched systems.

(The vulnerability, found and published with proof-of-concept code by SecureAuth’s Diego Juarez in 2018, was disclaimed by the company, which told Juarez “its products are not
