← All stories
● Covered by 1 source Β· 1 reportHigh impact

GodDamn Ransomware Employs PoisonX Driver to Bypass Security Defenses

Aggregated by BrevFeed security Β· updated 1h ago
πŸ”– Save

A new ransomware family named GodDamn uses the PoisonX kernel driver to disable endpoint security software, enhancing its evasion capabilities. This malware, traced back to previous variants, poses a significant threat due to its sophisticated attack methods and reliance on signed drivers.

Key points

Introduction to GodDamn Ransomware

Cybersecurity researchers have identified a new ransomware known as GodDamn. This malware employs the PoisonX kernel driver to neutralize security systems, significantly complicating defense efforts against its attacks.

Evolution of GodDamn

GodDamn ransomware is assessed as a rebrand of the Beast ransomware, which was itself an enhancement of Monster, a Delphi-based ransomware first observed in March 2022. The developer behind these ransomware variants is tracked under the name Hyadina by Broadcom's cybersecurity division.

Attack Strategy and Tools

In early June 2026, the GodDamn ransomware conducted an attack using AnyDesk for remote access and utilized a NirSoft-based toolkit for credential harvesting. The exact initial access vector is currently unknown, complicating the attribution of the initial compromise.

Use of PoisonX Driver

The integration of the PoisonX driver, known to be signed by Microsoft, represents a significant advancement in attack strategies. The malicious driver can disable security software and is part of a broader technique known as Bring Your Own Vulnerable Driver (BYOVD), allowing attackers to exploit legitimate system processes to their advantage.

Implications for Cybersecurity

The emergence of GodDamn ransomware signals a troubling trend in cyber threats, where attackers use validly signed drivers to circumvent security measures. Vulnerable drivers provide attackers with administrator privileges, enabling them to execute more effective and less detectable attacks. This highlights the need for ongoing vigilance and updated defensive strategies in cybersecurity.

Conclusion

With the capabilities demonstrated by GodDamn ransomware, there is an urgent need for enhanced security protocols to address this evolving threat landscape. The use of the PoisonX driver marks a significant shift in how ransomware can operate against conventional defenses.

✨ This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors β€” check the original sources. How BrevFeed works β†’

Primary sources

CVE CVE-2026-552008.1 HIGH CVE CVE-2026-468179.8 CRITICAL

Reporting from

A new ransomware family named GodDamn uses the PoisonX kernel driver to disable endpoint security software, enhancing its evasion capabilities. This malware, traced back to previous variants, poses a significant threat due to its sophisticated attack methods and reliance on signed drivers.