Sunday, February 28, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Security

Ransomware installs Gigabyte driver to kill antivirus products

February 7, 2020
in Internet Security
Ransomware installs Gigabyte driver to kill antivirus products
587
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

Image: L O R A

A ransomware gang is installing vulnerable GIGABYTE drivers on computers it wants to infect. The purpose of these drivers is to allow the hackers to disable security products so their ransomware strain can encrypt files without being detected or stopped.

This new novel technique has been spotted in two ransomware incidents so far, according to UK cybersecurity firm Sophos.

You might also like

Privacy Commissioner asks for clarity on minister’s powers in Critical Infrastructure Bill

TikTok agrees to pay $92 million to settle teen privacy class-action lawsuit

Cybercrime groups are selling their hacking skills. Some countries are buying

In both cases, the ransomware was RobbinHood [1, 2], a strain of “big-game” ransomware that’s usually employed in targeted attacks against selected, high-value targets.

In a report published late last night, Sophos described this new technique as follows:

  1. Ransomware gang gets a foothold on a victim’s network.
  2. Hackers install legitimate Gigabyte kernel driver GDRV.SYS.
  3. Hackers exploit a vulnerability in this legitimate driver to gain kernel access.
  4. Attackers use the kernel access to temporarily disable the Windows OS driver signature enforcement.
  5. Hackers install a malicious kernel driver named RBNL.SYS.
  6. Attackers use this driver to disable or stop antivirus and other security products running on an infected host.
  7. Hackers execute the RobbinHood ransomware and encrypt the victim’s files.

Per Sophos, this antivirus bypassing technique works on Windows 7, Windows 8, and Windows 10.

The Gigabyte driver patching fiasco

This technique is successful because of the way the vulnerability in the Gigabyte driver was handled, leaving a loophole that hackers can exploit.

For this debacle, two parties are at fault — first Gigabyte, and then Verisign.

Gigabyte’s fault resides in its unprofessional manner in which it dealth with the vulnerability report for the affected driver. Instead of acknowledging the issue and releasing a patch, Gigabyte claimed its products were not affected.

The company’s downright refusal to recognize the vulnerability led the researchers who found the bug to publish public details about this bug, along with proof-of-concept code to reproduce the vulnerability. This public proof-of-concept code gave attackers a roadmap to exploiting the Gigabyte driver.

When public pressure was put on the company to fix the driver, Gigabyte instead chose to discontinue it, rather than releasing a patch.

But even if Gigabyte had released a patch, attackers could have simply used an older and still vulnerable version of the driver. In this case, the driver’s signing certificate should have been revoked, so it wouldn’t be possible to load the driver’s older versions either.

“Verisign, whose code signing mechanism was used to digitally sign the driver, has not revoked the signing certificate, so the Authenticode signature remains valid,” Sophos researchers said, explaining why it was still possible today to load a now-deprecated and known-vulnerable driver inside Windows.

But if we’ve learned something about cyber-criminals is that most of them are copy-cats and other ransomware gangs are expected to incorporate this trick into their arsenals as well, leading to more attacks using this technique.

RobbinHood is not the only ransomware gang that is using various tricks to disable or bypass security products. Other strains that engage in a similar behavior include Snatch (which reboots PCs in Safe Mode to disable AV software from starting) and Nemty (which shuts down antivirus process using taskkill utility).

Credit: Zdnet

Previous Post

Why Economics Is the Most Empowering Innovation Concept

Next Post

Build a successful digital banking strategy with the following 5 tech trends

Related Posts

Privacy Commissioner asks for clarity on minister’s powers in Critical Infrastructure Bill
Internet Security

Privacy Commissioner asks for clarity on minister’s powers in Critical Infrastructure Bill

February 28, 2021
TikTok agrees to pay $92 million to settle teen privacy class-action lawsuit
Internet Security

TikTok agrees to pay $92 million to settle teen privacy class-action lawsuit

February 28, 2021
Cybercrime groups are selling their hacking skills. Some countries are buying
Internet Security

Cybercrime groups are selling their hacking skills. Some countries are buying

February 28, 2021
Why would you ever trust Amazon’s Alexa after this?
Internet Security

Why would you ever trust Amazon’s Alexa after this?

February 28, 2021
Microsoft: We’ve open-sourced this tool we used to hunt for code by SolarWinds hackers
Internet Security

Microsoft: We’ve open-sourced this tool we used to hunt for code by SolarWinds hackers

February 27, 2021
Next Post
Build a successful digital banking strategy with the following 5 tech trends

Build a successful digital banking strategy with the following 5 tech trends

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

Accurate classification of COVID‐19 patients with different severity via machine learning – Sun – 2021 – Clinical and Translational Medicine
Machine Learning

Accurate classification of COVID‐19 patients with different severity via machine learning – Sun – 2021 – Clinical and Translational Medicine

February 28, 2021
Privacy Commissioner asks for clarity on minister’s powers in Critical Infrastructure Bill
Internet Security

Privacy Commissioner asks for clarity on minister’s powers in Critical Infrastructure Bill

February 28, 2021
Top Master’s Programs In Machine Learning In The US
Machine Learning

Top Master’s Programs In Machine Learning In The US

February 28, 2021
TikTok agrees to pay $92 million to settle teen privacy class-action lawsuit
Internet Security

TikTok agrees to pay $92 million to settle teen privacy class-action lawsuit

February 28, 2021
Machine Learning as a Service (MLaaS) Market 2020 Emerging Trend and Advancement Outlook 2025
Machine Learning

Key Company Profile, Production Revenue, Product Picture and Specifications 2025

February 28, 2021
Cybercrime groups are selling their hacking skills. Some countries are buying
Internet Security

Cybercrime groups are selling their hacking skills. Some countries are buying

February 28, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • Accurate classification of COVID‐19 patients with different severity via machine learning – Sun – 2021 – Clinical and Translational Medicine February 28, 2021
  • Privacy Commissioner asks for clarity on minister’s powers in Critical Infrastructure Bill February 28, 2021
  • Top Master’s Programs In Machine Learning In The US February 28, 2021
  • TikTok agrees to pay $92 million to settle teen privacy class-action lawsuit February 28, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates