Back to Feed
RansomwareJul 9, 2026

'GodDamn' Ransomware Uses BYOVD to Smite US Companies

GodDamn ransomware uses a Microsoft-co-signed driver to disable security software.

Summary

The 'GodDamn' ransomware strain is leveraging a sophisticated technique known as Bring Your Own Vulnerable Driver (BYOVD) to disable security software on victim systems. This is particularly concerning as the attackers are reportedly using a legitimate, Microsoft-co-signed kernel driver, which allows them to bypass security measures more effectively and operate with elevated privileges. This method significantly increases the ransomware's ability to evade detection and execute its payload.

Indicators of Compromise

  • malware — GodDamn

Entities

Microsoft (vendor)kernel driver (technology)