RansomwareJul 9, 2026
'GodDamn' Ransomware Uses BYOVD to Smite US Companies
GodDamn ransomware uses a Microsoft-co-signed driver to disable security software.
Summary
The 'GodDamn' ransomware strain is leveraging a sophisticated technique known as Bring Your Own Vulnerable Driver (BYOVD) to disable security software on victim systems. This is particularly concerning as the attackers are reportedly using a legitimate, Microsoft-co-signed kernel driver, which allows them to bypass security measures more effectively and operate with elevated privileges. This method significantly increases the ransomware's ability to evade detection and execute its payload.
Indicators of Compromise
- malware — GodDamn
Entities
Microsoft (vendor)kernel driver (technology)