Hackers found a way around Microsoft Defender to install ransomware on PCs, report says
Windows users should think about reinforcing their antivirus software. And while Microsoft Defender should provide a line of defense against ransomware, a new report claims that hackers have found a way to get around the ransomware tool to infect PCs with ransomware.
A GuidePoint Security report (via BleepingComputer) found that hackers are using Akira ransomware to exploit a legitimate PC driver to load a second, malicious driver that shuts off Windows Defender, allowing for all sorts of monkey business.
The good driver that's being exploited here is called "rwdrv.sys,' which is used for tuning software for Intel CPUs. Hackers abuse it to install "hlpdrv.sys," another driver that they then use to get around Defender — and start doing whatever it is they want to do.
You May Also Like
Apple AirPods Pro 3 Noise Cancelling Heart Rate Wireless Earbuds — $219.99 (List Price $249.00)
Apple iPad 11" 128GB Wi-Fi Retina Tablet (Blue, 2025 Release) — $274.00 (List Price $349.00)
Amazon Fire HD 10 32GB Tablet (2023 Release, Black) — $69.99 (List Price $139.99)
Sony WH-1000XM5 Wireless Noise Canceling Headphones — $248.00 (List Price $399.99)
Blink Outdoor 4 1080p Security Camera (5-Pack) — $159.99 (List Price $399.99)
Fire TV Stick 4K Streaming Device With Remote (2023 Model) — $24.99 (List Price $49.99)
Shark AV2511AE AI Robot Vacuum With XL Self-Empty Base — $249.99 (List Price $599.00)
Apple Watch Series 11 (GPS, 42mm, S/M Black Sport Band) — $339.00 (List Price $399.00)
WD 6TB My Passport USB 3.0 Portable External Hard Drive — $138.65 (List Price $179.99)
Dell 14 Premium Intel Ultra 7 512GB SSD 16GB RAM 2K Laptop — $999.99 (List Price $1549.99)
GuidePoint reported seeing this type of attack starting in the middle of July. It doesn't seem like the loophole has been patched yet, but the more people know about it, the less likely it is for the exploit to work against them, at least in theory.
In the meantime, allow our colleagues at PCMag to recommend some fine third-party antivirus software to you for your Windows PC. For more information on the latest Akira ransomware attacks — including possible defenses — head to GuidePoint Security.
Topics Cybersecurity Microsoft Windows
Alex Perry is a tech reporter at Mashable who primarily covers video games and consumer tech. Alex has spent most of the last decade reviewing games, smartphones, headphones, and laptops, and he doesn’t plan on stopping anytime soon. He is also a Pisces, a cat lover, and a Kansas City sports fan. Alex can be found on Bluesky at yelix.bsky.social.
