Robinhood Ransomware Borrow Vulnerable Driver To Kill Antivirus and Encrypt Windows System Files

From gbhackers.com

Researchers observed a new ransomware family called “Robinhood” that uses a digitally signed but vulnerable driver to bypass protection by killing files belonging to endpoint security products, getting past tamper protection and antivirus software so that it can encrypt the system files.

The attackers use the Living off the Land technique in this ransomware attack to carry out the destructive file-encryption portion, and they use a Gigabyte driver vulnerability tracked as CVE-2018-19320.
