Post by Symantec
445,718 followers
Meet GodDamn. It doesn’t evade your defenses, it tries to shut them down first. And it's probably the first thing security analysts say after they've been hit. This ransomware strain uncovered by our Threat Hunter Team uses a Microsoft-signed kernel driver. Before encryption begins, GodDamn deploys PoisonX. What defenders should know: ⚠️ Uses a Microsoft-signed kernel driver. ⚠️ Terminates security-product processes before encryption begins. ⚠️ Attackers spent four days inside the victim network before launching ransomware. Attack chain breakdown, IOCs, and protection updates in the comments. 👇
Video Content