www.infosecurity-magazine.com 7/10/2026, 1:11:05 PM · external

New Ransomware Exploits Malicious Driver to Remove Cybersecurity Protections

New Ransomware Exploits Malicious Driver to Remove Cybersecurity Protections
CyberSIXT Evidence Panel
Primary Source security.com

THE article discusses the emergence of the GodDamn ransomware, a variant of the Beast ransomware, which exploits Microsoft-signed malicious drivers to disable cybersecurity protections. First identified in May 2026, this ransomware is part of the Hyadina family. Attackers utilize a remote desktop application, AnyDesk, hidden on infected endpoints, and initially compromise accounts to gain access.

They then drop a malicious kernel driver named PoisonX, which allows them to bypass security measures by terminating processes of security products. Following this, tools like NirSoft and Mimikatz are deployed for further credential theft and control over the network before triggering the ransomware to encrypt files. The article highlights the evolving tactics of ransomware operations and the need for enhanced defenses against such threats.

View Primary Source Via www.infosecurity-magazine.com

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline