Hackers found a way around Microsoft Defender to install ransomware on PCs, report says
Windows users should think about reinforcing their antivirus software. And while Microsoft Defender should provide a line of defense against ransomware, a new report claims that hackers have found a way to get around the ransomware tool to infect PCs with ransomware.
A GuidePoint Security report (via BleepingComputer) found that hackers are using Akira ransomware to exploit a legitimate PC driver to load a second, malicious driver that shuts off Windows Defender, allowing for all sorts of monkey business.
The good driver that's being exploited here is called "rwdrv.sys,' which is used for tuning software for Intel CPUs. Hackers abuse it to install "hlpdrv.sys," another driver that they then use to get around Defender — and start doing whatever it is they want to do.
You May Also Like
GuidePoint reported seeing this type of attack starting in the middle of July. It doesn't seem like the loophole has been patched yet, but the more people know about it, the less likely it is for the exploit to work against them, at least in theory.
In the meantime, allow our colleagues at PCMag to recommend some fine third-party antivirus software to you for your Windows PC. For more information on the latest Akira ransomware attacks — including possible defenses — head to GuidePoint Security.
Topics Cybersecurity Microsoft Windows
Alex Perry is a tech reporter at Mashable who primarily covers video games and consumer tech. Alex has spent most of the last decade reviewing games, smartphones, headphones, and laptops, and he doesn’t plan on stopping anytime soon. He is also a Pisces, a cat lover, and a Kansas City sports fan. Alex can be found on Bluesky at yelix.bsky.social.
