Feeds.4Sysops
GodDamn Ransomware Leverages Microsoft-Signed Driver for Attacks
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
The GodDamn ransomware, a rebrand of the Beast and Monster strains, has emerged as a significant threat, primarily targeting American organizations across various sectors. The threat group Hyadina utilized a malicious kernel driver named PoisonX, which is signed by Microsoft, to disable endpoint security measures. Initial access was gained through AnyDesk, found in an unusual location on infected systems, with credential harvesting conducted using a NirSoft-based toolkit. The attack was first observed on May 29, 2026, with the deployment of the ransomware occurring shortly after. The encrypted files were renamed with the victim organization's name as the extension, which is atypical. The use of dual-use tools and the sophisticated evasion techniques employed indicate a high level of operational maturity within the group. Current investigations are ongoing to determine the full scope of the impact and the initial infection vector.
Key Points: • GodDamn ransomware is a rebrand of previous strains, targeting U.S. organizations. • The PoisonX driver, signed by Microsoft, is used to disable security software. • Initial access was gained through AnyDesk, with credential harvesting via NirSoft tools.