Close Menu
    What's Hot

    10 years later, ‘Pokémon Go’ is as popular as ever

    Iran War Updates: U.S. and Iran Sink Into Violent Cycle After Latest Strikes

    In Exchange of Strikes With Iran, U.S. Lands Most of the Blows

    Facebook X (Twitter) Instagram
    Trending
    • 10 years later, ‘Pokémon Go’ is as popular as ever
    • Iran War Updates: U.S. and Iran Sink Into Violent Cycle After Latest Strikes
    • In Exchange of Strikes With Iran, U.S. Lands Most of the Blows
    • Thousands of ‘Pokémon Go’ Players Descend on Times Square to Defeat Mewtwo
    • Group 1 Automotive Stock: How Maintenance Services Redfine The Company’s Future (NYSE:GPI)
    • GodDamn Ransomware Uses PoisonX Driver to Disable Endpoint Defenses
    • The Muslim manosphere and Achraf Hakimi – Live Updates
    • How World Bank and IMF loans are reshaping policymaking in Africa | Economy News
    interluknewsinterluknews
    • Home
    • Business
      • Corporate News
      • Industry Insights
      • Startups & Entrepreneurship
      • Technology & Innovation
    • Economy
      • Economic Policy
      • Financial Analysis
      • Inflation & Interest Rates
      • Trade & Markets
    • Global
      • Conflicts & Security
      • Diplomacy
      • Global Trends
      • International Affairs
    • Lifestyle
      • Fashion
      • Food & Dining
      • Personal Development
      • Travel
    • Opinion
      • Columns
      • Editorials
      • Expert Opinions
      • Reader Voices
    • More
      • Politics
        • Elections
        • Government & Policy
        • International Relations
        • Political Analysis
      • Sports
        • Cricket
        • Football / Soccer
        • International Sports
        • Local Sports
      • Technology
        • Artificial Intelligence
        • Cybersecurity
        • Gadgets & Reviews
        • Tech News
      • South Africa News
    Facebook X (Twitter) Instagram
    interluknewsinterluknews
    Cybersecurity

    GodDamn Ransomware Uses PoisonX Driver to Disable Endpoint Defenses

    adminBy adminJuly 10, 2026No Comments4 Mins Read
    Share Facebook Twitter Pinterest Copy Link Telegram LinkedIn Tumblr Email
    GodDamn Ransomware Uses PoisonX Driver to Disable Endpoint Defenses
    Share
    Facebook Twitter LinkedIn Pinterest Email

    Ravie LakshmananJul 09, 2026Malware / Endpoint Security

    GodDamn Ransomware Uses PoisonX Driver to Disable Endpoint Defenses

    Cybersecurity researchers have flagged a new ransomware family called GodDamn that employs the PoisonX kernel driver to neutralize security software as part of its defense evasion strategy.

    According to a new report published by the Threat Hunter Team from Symantec, the ransomware was first publicly spotted in the wild on May 21, 2026. It’s assessed to be a rebrand of the Beast ransomware, which, in turn, was an enhanced version of Monster, a Delphi-based ransomware that surfaced in March 2022. Broadcom’s cybersecurity arm is tracing the developer behind these ransomware families under the moniker Hyadina.

    In one attack orchestrated by the ransomware operation in early June 2026, the threat actors are said to have leveraged AnyDesk for remote access and used a NirSoft-based credential harvesting toolkit before deploying the ransomware. The exact initial access vector is unknown. The credential harvester is designed to extract sensitive data from common web browsers, Windows Credential Manager, cached domain credentials, VNC sessions, email clients, Wi-Fi profiles, and live network traffic.

    Also put to use in the attack is a user-mode defense evasion tool that’s dressed as a Symantec product (“symantec.exe”) and the PoisonX kernel driver (“g11.sys”) to disable endpoint defenses in what’s called a bring your own vulnerable driver (BYOVD) attack.

    Cybersecurity

    “However, the PoisonX driver seems to be slightly more unusual, in that it appears to be a malicious driver that its developers succeeded in getting signed by Microsoft, and it is now being used by ransomware attackers,” the Symantec Threat Hunter Team said in a report shared with The Hacker News.

    It’s worth noting that PoisonX is one of the eight drivers adopted by the operators of The Gentlemen ransomware-as-a-service (RaaS) scheme in its custom GentleKiller tool that it hands out to affiliates for impairing system defenses prior to executing the encryptor.

    “Vulnerable drivers are the attacker’s most reliable route in,” Broadcom noted last month. “The attacker, having gained administrator privileges, can drop a flawed but validly signed driver onto the target machine. Because the driver is signed, Windows loads it automatically.”

    “The most common action is to kill the processes belonging to antivirus (AV) or endpoint detection and response (EDR) products, stripping the machine of its defenses. Some variants are more subtle. Attackers may strip the security agent of the rights it needs to function correctly, leaving it running but unable to act. Others tamper directly with the kernel’s internal records so that the security product no longer receives notifications about what is happening on the machine, effectively making it blind.”

    The attack is also characterized by the use of PsExec to facilitate lateral movement, followed by setting up AnyDesk on each of those reachable hosts and registering it as an auto-start Windows service to survive reboots. On some machines, the entire AnyDesk setup is handled by a PowerShell script pre-staged on the system drive, suggesting the use of a reusable installer to streamline the process.

    Cybersecurity

    “After completing the AnyDesk setup on each host, the attackers terminated the running AnyDesk process, waited briefly, then rebooted the machine,” Symantec said. “By the end of June 2, this deployment sequence had been repeated across at least 10 hosts within the targeted organization.”

    The cybersecurity company said GodDamn ransomware was first detected on June 3 on a separate network segment associated with a distinct organizational unit, causing the files to be renamed with the victim’s name as the extension instead of the “.God8Damn” extension used in other attacks carried out by Hyadina.

    According to a report released by CYFIRMA, the ransom note dropped at the end of the intrusion urges victims to contact them either via email or the qTox encrypted messaging app.

    “GodDamn’s use of the relatively newly discovered PoisonX malicious driver component represents an escalation in defensive evasion capability by this group, indicating that Hyadina is continuing to actively develop its ransomware and its capabilities,” the cybersecurity company concluded.

    Defenses Disable Driver endpoint GodDamn PoisonX Ransomware
    Follow on Google News Follow on Flipboard
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link
    Previous ArticleThe Muslim manosphere and Achraf Hakimi – Live Updates
    Next Article Group 1 Automotive Stock: How Maintenance Services Redfine The Company’s Future (NYSE:GPI)
    admin
    • Website

    Related Posts

    Cloud Bucket Hijacking, Windows LPE Chain, Global Fraud Bust + 17 More Stories

    July 9, 2026

    New GigaWiper Windows Backdoor Bundles Disk Wiping, Fake Ransomware, and Spyware

    July 9, 2026

    Dormant GitHub Accounts Help Attackers Blend In While Mapping Corporate Orgs

    July 9, 2026
    Leave A Reply Cancel Reply

    Demo
    Latest Posts

    10 years later, ‘Pokémon Go’ is as popular as ever

    Iran War Updates: U.S. and Iran Sink Into Violent Cycle After Latest Strikes

    In Exchange of Strikes With Iran, U.S. Lands Most of the Blows

    Thousands of ‘Pokémon Go’ Players Descend on Times Square to Defeat Mewtwo

    Latest Posts

    Subscribe to News

    Get the latest sports news from NewsSite about world, sports and politics.

    Advertisement
    Demo

    We are a digital news platform delivering timely, accurate, and insightful coverage of politics, global affairs, business, economy, sports, and more. Our mission is to keep readers informed with reliable news, clear analysis, and stories that truly matter.
    We're social. Connect with us:

    Facebook X (Twitter) Instagram Pinterest YouTube

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    Type above and press Enter to search. Press Esc to cancel.

    Powered by
    ...
    ►
    Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
    None
    ►
    Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
    None
    ►
    Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
    None
    ►
    Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
    None
    ►
    Unclassified cookies are cookies that we are in the process of classifying, together with the providers of individual cookies.
    None
    Powered by