BlackByte Ransomware Abuses Vulnerable Windows Driver to Disable Security Solutions

07-Oct-22

The operators of the BlackByte ransomware are exploiting a vulnerability in a legitimate Windows driver to bypass security measures, in yet another instance of a bring your own vulnerable driver (BYOVD) attack. According to Sophos threat researcher Andreas Klopsch in a recent technical write-up, “the evasion approach allows disabling a huge list of over 1,000 drivers on which security firms rely to give protection.” BYOVD is an attack tactic in which threat actors exploit vulnerabilities in legitimate, signed drivers to achieve kernel-mode exploitation and take control of vulnerable computers.