Hackers Bypass Microsoft Defender to Deploy Akira Ransomware

Hackers have found a way to bypass Microsoft Defender and install Akira ransomware by abusing a legitimate but vulnerable driver. According to a report from GuidePoint Security, the driver in question is rwdrv.sys, which ships with the Intel CPU tuning tool ThrottleStop.

By loading this driver, attackers gain kernel-level access to the PC, which lets them load their own malicious driver, hlpdrv.sys. That driver modifies the Windows Registry, effectively disabling Microsoft Defender's protective measures.

GuidePoint Security has identified this method as the deployment technique in Akira ransomware attacks, which have been active since July.
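A triage check a defender can run on a Windows host, added here as an example and not code from the article or from GuidePoint: it looks for installed drivers matching the two names the report cites and verifies that Defender's protections are still enabled. It assumes Windows 10/11 with the Defender PowerShell module and an elevated prompt; the article does not name the registry keys hlpdrv.sys changes, so the DisableAntiSpyware policy value checked at the end is an assumption, not a value taken from the report.

```powershell
# Added triage script (not from the article or GuidePoint Security).
# Assumes Windows 10/11 with the Defender module; run as Administrator.

$SuspectDrivers = @('rwdrv', 'hlpdrv')   # driver names taken from the report

# 1. Installed kernel drivers whose service name or image path matches a suspect name
$hits = Get-CimInstance Win32_SystemDriver |
    Where-Object {
        $n = $_.Name; $p = $_.PathName
        $SuspectDrivers | Where-Object { $n -like "*$_*" -or $p -like "*$_*" }
    }
if ($hits) {
    Write-Warning "Driver(s) matching the Akira BYOVD chain are installed:"
    $hits | Format-Table Name, State, StartMode, PathName -AutoSize
} else {
    Write-Output "No installed driver named rwdrv/hlpdrv found."
}

# 2. Defender posture: tamper protection and real-time protection should both be on.
$status = Get-MpComputerStatus
$pref   = Get-MpPreference
[pscustomobject]@{
    TamperProtected          = $status.IsTamperProtected
    RealTimeProtection       = $status.RealTimeProtectionEnabled
    AntivirusEnabled         = $status.AntivirusEnabled
    DisableRealtimeMonitoring = $pref.DisableRealtimeMonitoring
} | Format-List

# 3. Policy registry value that turns Defender off. The article does not say which
#    keys hlpdrv.sys writes; DisableAntiSpyware is checked here as an assumption.
$polKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
$val = Get-ItemProperty -Path $polKey -Name DisableAntiSpyware -ErrorAction SilentlyContinue
if ($val -and $val.DisableAntiSpyware -eq 1) {
    Write-Warning "DisableAntiSpyware=1 is set under $polKey; Defender is policy-disabled."
}
```

A match on the driver names or a tamper-protection value of False on a host that should have it enabled is a reason to isolate the machine and pull a memory image before rebooting.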

To protect your system, use reputable antivirus software and keep it updated so it can defend against emerging malware threats.

This article was originally published in PC för Alla and has been translated and localized from Swedish.