
Windows users are strongly advised to enhance their antivirus software to protect against emerging cyber threats. While Microsoft Defender is designed to provide a fundamental layer of defense against ransomware, recent findings suggest that hackers have discovered methods to bypass this protective tool, allowing them to infect PCs with various forms of ransomware. This alarming development highlights the importance of robust security measures beyond built-in defenses.
A recent report from GuidePoint Security, shared by BleepingComputer, reveals that cybercriminals are leveraging Akira ransomware to exploit a legitimate PC driver. This exploitation involves loading a secondary, malicious driver that effectively disables Windows Defender, which opens the floodgates for a range of nefarious activities on compromised systems.
The legitimate driver being exploited in this attack is known as rwdrv.sys, which is typically used for tuning software associated with Intel CPUs. Malicious actors manipulate this driver to install an additional driver named hlpdrv.sys. This malicious driver then circumvents the protections offered by Windows Defender, enabling hackers to execute their malicious activities without hindrance.
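For defenders who collect driver-load telemetry, the two file names above can be turned into a simple triage rule. The following is an added example, not code from GuidePoint Security or from this article: the event records, host names, paths and the 30-minute correlation window are constructed assumptions, and only the two driver names come from the report.

```python
from datetime import datetime, timedelta
from ntpath import basename  # parses Windows paths on any platform

# Driver file names taken from the article; everything else is constructed.
LEGIT_ABUSED = "rwdrv.sys"      # legitimate tuning driver that the attackers abuse
MALICIOUS = "hlpdrv.sys"        # second driver reported to disable Defender
WINDOW = timedelta(minutes=30)  # assumed correlation window, tune per environment

# Constructed driver-load records (host, UTC time, image path), simplified from
# what a driver-load telemetry source such as Sysmon Event ID 6 provides.
SAMPLE_EVENTS = [
    ("WS-014", "2025-08-01 09:12:03", r"C:\Program Files\TuningTool\rwdrv.sys"),
    ("WS-022", "2025-08-01 10:40:10", r"C:\Users\Public\rwdrv.sys"),
    ("WS-022", "2025-08-01 10:41:55", r"C:\Users\Public\HLPDRV.SYS"),
    ("WS-031", "2025-08-01 11:05:00", r"C:\Windows\System32\drivers\tcpip.sys"),
]

def triage(events, window=WINDOW):
    """Return {host: severity} for hosts that loaded either named driver.

    review   - only rwdrv.sys seen (may be a legitimate tuning-tool install)
    high     - hlpdrv.sys seen without a recent rwdrv.sys load
    critical - hlpdrv.sys loaded within `window` after rwdrv.sys on the same host
    """
    last_rwdrv = {}  # host -> time of most recent rwdrv.sys load
    findings = {}
    parsed = sorted(
        (datetime.strptime(t, "%Y-%m-%d %H:%M:%S"), h, p) for h, t, p in events
    )
    for when, host, path in parsed:
        name = basename(path).lower()  # Windows file names are case-insensitive
        if name == LEGIT_ABUSED:
            last_rwdrv[host] = when
            findings.setdefault(host, "review")  # never downgrade a prior finding
        elif name == MALICIOUS:
            prior = last_rwdrv.get(host)
            chained = prior is not None and when - prior <= window
            findings[host] = "critical" if chained else "high"
    return findings

if __name__ == "__main__":
    for host, severity in sorted(triage(SAMPLE_EVENTS).items()):
        print(f"{host}: {severity}")
```

Because rwdrv.sys is a legitimate driver, a hit on it alone only warrants a check that the tuning software was installed on purpose; the pairing with hlpdrv.sys is the signal that matches the reported chain.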
According to GuidePoint Security, this type of attack began surfacing in mid-July. As of now, there appears to be no patch available for this vulnerability, but raising awareness about it can potentially reduce the likelihood of falling victim to such exploits. The more users are informed, the less effective these attacks may become.
In the interim, we encourage you to consult our colleagues at PCMag, who can recommend highly-rated third-party antivirus software suitable for your Windows PC. For comprehensive insights into the latest developments regarding Akira ransomware attacks, including strategies for defense, visit GuidePoint Security.
