Windows users should think about reinforcing their antivirus software. And while Microsoft Defender should provide a line of defense against ransomware, a new report claims that hackers have found a way to get around the ransomware tool to infect PCs with ransomware.
A GuidePoint Security report (via BleepingComputer) found that hackers are using Akira ransomware to exploit a legitimate PC driver to load a second, malicious driver that shuts off Windows Defender, allowing for all sorts of monkey business.
The good driver that's being exploited here is called "rwdrv.sys,' which is used for tuning software for Intel CPUs. Hackers abuse it to install "hlpdrv.sys," another driver that they then use to get around Defender — and start doing whatever it is they want to do.
Mashable Light Speed
GuidePoint reported seeing this type of attack starting in the middle of July. It doesn't seem like the loophole has been patched yet, but the more people know about it, the less likely it is for the exploit to work against them, at least in theory.
In the meantime, allow our colleagues at PCMag to recommend some fine third-party antivirus software to you for your Windows PC. For more information on the latest Akira ransomware attacks — including possible defenses — head to GuidePoint Security.
English
Arabic
French
Spanish
Portuguese
Turkish
Dutch
Italiano
Russian
Romaian
Portuguese (Brazil)
Greek