Skip to main content

Vulnerable Gigabyte driver allowed RobbinHood ransomware infections

(Image credit: Pixabay)

A serious security flaw in Gigabyte drivers may have allowed hackers to take over entire computer systems, experts have warned.

According to security firm Sophos, this vulnerability could have meant hackers gained backdoor entry to computers running on Windows 7 or a newer version of Windows OS to deploy the notorious “Robbinhood” ransomware.

The ransomware was then able to deactivate any antivirus program running on the system which in turn allowed the hackers to take over the machine.

Robbinhood was able to trick the antivirus program into believing it was one of the “trusted programs” that need to run. Trusted programs are basically is a group of trusted whitelisted applications that needs to run and are not blocked by the anti-virus. It was one of the rare scenarios where, according to Sophos, ransomware hijacked a trusted driver to do so.

After initially appearing reluctant to acknowledge the flaw, Gigabyte did back down following unrelenting pressure from users.

However, rather than releasing a patch to fix the vulnerability, the company chose to discontinue the support to the driver. This has given hackers an opportunity to infect devices running the said driver.

Sophos suggests that users should not rely on a single layer of protection on their devices. Best practices like taking regular backups, multi-factor authentication, and using OS accounts with limited access rights can help to keep the devices safe. Even if the Operating System on your computer is fully updated, hackers can still find a backdoor entry because of these vulnerabilities.

Via: TomsHardware