Hackers can bypass Microsoft Defender to install ransomware on PCs
In a report published by security firm GuidePoint Security, researchers warn that hackers can successfully bypass Microsoft Defender to install and deploy Akira ransomware.
This is done by exploiting a vulnerable driver called rwdrv.sys, which is a legitimate driver used by an Intel CPU tuning tool called ThrottleStop. By exploiting this driver, a hacker can gain kernel-level access to the PC.
With kernel-level access, the hacker can then load their own malicious driver, in this case hlpdrv.sys, which modifies the Windows Registry and causes Microsoft Defender to disable its protective measures.
This two-punch approach has been flagged by GuidePoint Security as the deployment method for Akira ransomware attacks, which have been ongoing since July of this year.
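A defender-side sketch of the two-step chain described above, as an added example that is not from GuidePoint Security or the original article: it scans driver-load events for rwdrv.sys followed by hlpdrv.sys on the same host. The event fields, host names, paths, timestamps and the 30-minute window are constructed assumptions; only the two driver file names come from the article.

```python
import ntpath
from datetime import datetime, timedelta

# Driver file names taken from the article.
VULNERABLE_DRIVER = "rwdrv.sys"   # legitimate ThrottleStop driver abused for kernel access
MALICIOUS_DRIVER = "hlpdrv.sys"   # attacker driver that switches off Defender protections

# Constructed sample driver-load events (hosts, times and paths are made up).
SAMPLE_EVENTS = [
    {"host": "ws-01", "time": "2025-01-10T09:00:00", "image": r"C:\Program Files\ThrottleStop\rwdrv.sys"},
    {"host": "ws-02", "time": "2025-01-10T09:05:00", "image": r"C:\Users\Public\RWDRV.SYS"},
    {"host": "ws-02", "time": "2025-01-10T09:06:30", "image": r"C:\Users\Public\hlpdrv.sys"},
    {"host": "ws-03", "time": "2025-01-10T10:00:00", "image": r"C:\Windows\System32\drivers\disk.sys"},
    {"host": "ws-04", "time": "2025-01-10T11:00:00", "image": r"C:\Temp\hlpdrv.sys"},
]

def classify_hosts(events, window=timedelta(minutes=30)):
    """Return {host: verdict} for every host that loaded either driver."""
    last_vulnerable = {}  # host -> time of the most recent rwdrv.sys load
    verdicts = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        # ntpath handles Windows paths on any OS; compare names case-insensitively.
        name = ntpath.basename(ev["image"]).lower()
        when = datetime.fromisoformat(ev["time"])
        host = ev["host"]
        if name == VULNERABLE_DRIVER:
            last_vulnerable[host] = when
            # On its own this may be a normal ThrottleStop install, so only ask for review.
            verdicts.setdefault(host, "review: rwdrv.sys loaded")
        elif name == MALICIOUS_DRIVER:
            seen = last_vulnerable.get(host)
            if seen is not None and when - seen <= window:
                verdicts[host] = "critical: rwdrv.sys then hlpdrv.sys"
            else:
                verdicts[host] = "high: hlpdrv.sys loaded"
    return verdicts

if __name__ == "__main__":
    for host, verdict in sorted(classify_hosts(SAMPLE_EVENTS).items()):
        print(host, "->", verdict)
```
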
To stay protected, make sure you're using reputable antivirus software on your Windows PC and keep it up to date at all times. Regular updates help ensure that your system is defended against new malware definitions as they're discovered and flagged.
This article originally appeared on our sister publication PC för Alla and was translated and localized from Swedish.