Ransomware installs Gigabyte driver to kill antivirus products

He Who Points And Laughs

Flavortown Refugee
kiwifarms.net

Essentially, Gigabyte ignored an issue with its GDRV.SYS driver allowing hackers to exploit a vulnerability to gain kernel access. Having access, they can install a dodgy kernel driver (RBNL.SYS) to then disable antivirus and other protections, then they can execute the RobbinHood ransomware to encrypt the victim's files.

Verisign is also at fault as it hasn't revoked the signing certificate of the driver.
 

MediocreMilt

I could be something that is carrying a disease
kiwifarms.net
Article is woefully underinformative.

Who is this a threat to?

Everyone?
Just Windows users? EDIT: re-read, Windows 7, 8, 10 explicitly named. But does that exclude other OS from vulnerability?
Do you have to have Gigabyte-make components? Is it all components? Just MOBO?
 

He Who Points And Laughs

Flavortown Refugee
kiwifarms.net
Article is woefully underinformative.

Who is this a threat to?

Everyone?
Just Windows users? EDIT: re-read, Windows 7, 8, 10 explicitly named. But does that exclude other OS from vulnerability?
Do you have to have Gigabyte-make components? Is it all components? Just MOBO?
It's a Windows driver. Your Plan9 laptop is fine.
 

garakfan69

Please be patient, I have idiocy
kiwifarms.net
I'm surprised that doesn't happen more often.
Drivers are notoriously badly programmed without any regard to security and usually run in Ring 0.
 

Aberforth

Straight A student in special ed.
kiwifarms.net
Built someone a computer with a Gigabyte motherboard. Might need to give their system a checkup.

This is why I only update drivers when it's needed.
 

Blood Bath & Beyond

Proud Cracker
kiwifarms.net
It's not a Windows driver. It's a Gigabyte driver FOR Windows. There is a difference you moron. One would be on all copies of Windows for all people, the other is only on computers with Windows AND with Gigabyte hardware. For instance, my computer, with Windows, does not have a Gigabyte motherboard, hence IT DOESN'T HAVE THE DRIVER. Is this still too complicated for you to follow?
 

teriyakiburns

Nothing like waiting till the last minute, huh?
kiwifarms.net
It's not a Windows driver. It's a Gigabyte driver FOR Windows. There is a difference you moron. One would be on all copies of Windows for all people, the other is only on computers with Windows AND with Gigabyte hardware. For instance, my computer, with Windows, does not have a Gigabyte motherboard, hence IT DOESN'T HAVE THE DRIVER. Is this still too complicated for you to follow?
The question was whether it affects other operating systems than Windows. The answer was no, because it's a driver for Windows, you utter tard. Learn to read before spouting off next time.

Besides, the virus is installing the driver as part of its infection process. No Gigabyte hardware needed.
 

Blood Bath & Beyond

Proud Cracker
kiwifarms.net
The question was whether it affects other operating systems than Windows. The answer was no, because it's a driver for Windows, you utter tard. Learn to read before spouting off next time.

Besides, the virus is installing the driver as part of its infection process. No Gigabyte hardware needed.
That actually WASN'T the question, moron. This was the question: "Who is this a threat to? Everyone? Just Windows users?" To which the correct answer would have been "Anyone on Windows who has a Gigabyte motherboard." How the fuck are you seriously this dense? You really might want to get your sight checked out and at the very least brush up on those reading comprehension skills. Also, no one is magically voodooing the drivers onto your computer; the only people who would be coming into contact with the driver in question are people with Gigabyte hardware or people whose security is already compromised.
 