Ügyes új zsaroló vírus | CIO | Scoop.it
From www.computerweekly.com - February 10, 2020 7:56 AM

By subverting kernel memory settings in Windows 7, Windows 8 and Windows 10, the RobbinHood ransomware can now delete cyber security defences from target systems.

This is the first time we have seen ransomware bring its own legitimately signed, albeit vulnerable, third-party driver to take control of a device and use that to disable the installed security software, bypassing the features specially designed to prevent such tampering. Killing the protection leaves the malware free to install and execute the ransomware uninterrupted.