THE article discusses the emergence of a new ransomware family called GodDamn, identified by Symantec's Threat Hunter Team. This ransomware utilizes a signed kernel driver known as PoisonX, which allows it to disable security software effectively. The GodDamn ransomware is linked to a group called Hyadina, which has a history of ransomware development dating back to 2022, with previous iterations being Monster and Beast.
The PoisonX driver is unique because it appears legitimate due to its Microsoft signature, enabling it to execute attacks without triggering defenses. The report details the attack's sequence, including the use of AnyDesk for remote access, credential theft through various tools, and the lateral movement within infected networks. GodDamn's operational characteristics showcase its evolution in stealth and evasion capabilities, highlighting a continual refinement of their malware strategies.