Cybersecurity experts are cautioning computer users to be wary of a new ransomware that exploits the vulnerabilities of affected devices.
UK-based cybersecurity firm Sophos found that the attackers behind two recent cyber cases involving the malware “RobbinHood” had a unique way of skirting around antivirus software to ensure the ransomware caused the most damage to the infected systems.
The hackers’ strategy is as follows:
ZDNet reported that this antivirus bypassing technique works on Windows 7, Windows 8, and Windows 10.
Gigabyte had claimed two years ago that its products were not affected by any exploit – even after security researchers who discovered the weakness publicly disclosed details of the vulnerability to raise awareness. ZDNet said that information from the researchers, particularly their proof-of-concept code which reproduces the vulnerability, was used by the RobbinHood attackers.
Public pressure eventually got to Gigabyte to address the issue, but rather than release a patch to fix the exploit, the company chose to discontinue the driver.
However, Sophos found that despite the driver no longer being in use, it can still be exploited among those who still have a copy.
“Verisign, whose code signing mechanism was used to digitally sign the driver, has not revoked the signing certificate, so the Authenticode signature remains valid,” the security firm said.