www.darkreading.com 7/9/2026, 10:32:13 AM · external

Microsoft signed PoisonX driver fuels new GodDamn ransomware

Microsoft signed PoisonX driver fuels new GodDamn ransomware
CyberSIXT Evidence Panel Source marked as original reporting
Threat Actor
Hyadina

A new ransomware called 'GodDamn', operated by the group Hyadina, is utilizing a malicious kernel driver approved by Microsoft to disable security software. Hyadina, a ransomware-as-a-service operation, targets various American sectors including healthcare and education. The attackers leverage legitimate software tools and an array of open-source malware for credential theft. The driver, named PoisonX, was released on GitHub and is used to kill security processes on infected computers.

Despite Microsoft’s efforts to block known vulnerable drivers, researchers indicate there’s often a delay in updates to the blocklist, allowing attackers to exploit these vulnerabilities.

View full article

Article by CyberSIXT