The ransomware takes advantage of a vulnerability discovered by Gigabyte in 2018. Gigabyte had previously acknowledged that the vulnerability exists. Through it, hackers can easily access the system, disable the antivirus on the computer, and carry out their actions.
The second driver installed by the hackers blocks the antivirus's processes and files on the system. The virus therefore meets no resistance and stays on the victim's computer undisturbed. Sophos also noted in its description that this is the first such virus to be discovered.
The ransomware uses a third-party driver that carries Microsoft's signature. This driver can replace kernel files in order to install its own malicious driver. The normal driver that changes kernel files is thus completely disabled.
Ransomware is software used by malicious hackers who want to demand a ransom from their victims. According to reports, the victims have to pay a fee to regain access to the files on their computers. If the victim does not pay, an additional $10,000 is added to the fee.
Steel.exe is the name of the executable file the hackers use with Gigabyte's gdrv.sys driver. It extracts a file named ROBNR.EXE and places it in the Windows temporary files folder. ROBNR.EXE installs two different drivers, one of which is Gigabyte's.
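The sequence described above (ROBNR.EXE written to the temporary folder, then the gdrv.sys driver loaded) can be turned into a simple correlation rule for endpoint telemetry. The following is an added example, not code from the article or from Sophos; the event schema, host names and file paths are constructed assumptions, and only the file names ROBNR.EXE and gdrv.sys come from the text.

```python
import ntpath

# File names come from the article; everything else here is constructed.
DROPPED_NAMES = {"robnr.exe"}
DRIVER_NAME = "gdrv.sys"
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")


def in_temp(path):
    """True if a Windows path points into a per-user or system temp folder."""
    lowered = path.lower()
    return any(marker in lowered for marker in TEMP_MARKERS)


def find_chain(events):
    """Alert on gdrv.sys loads, escalating when ROBNR.EXE was staged first.

    A gdrv.sys load alone can be Gigabyte's own utility, so it is only marked
    for review; the same load after ROBNR.EXE appeared in temp on that host
    matches the sequence the article describes and is rated high.
    """
    staged = {}  # host -> path of the staged ROBNR.EXE
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        name = ntpath.basename(ev["path"]).lower()
        if ev["type"] == "file_create" and name in DROPPED_NAMES and in_temp(ev["path"]):
            staged[ev["host"]] = ev["path"]
        elif ev["type"] == "driver_load" and name == DRIVER_NAME:
            alerts.append({
                "host": ev["host"],
                "driver": ev["path"],
                "staged_file": staged.get(ev["host"]),
                "severity": "high" if ev["host"] in staged else "review",
            })
    return alerts


# Constructed sample events (hypothetical schema, hosts and paths).
SAMPLE_EVENTS = [
    {"ts": 2, "host": "ws-01", "type": "driver_load", "path": r"C:\Users\a\AppData\Local\Temp\gdrv.sys"},
    {"ts": 1, "host": "ws-01", "type": "file_create", "path": r"C:\Users\a\AppData\Local\Temp\ROBNR.EXE"},
    {"ts": 3, "host": "ws-02", "type": "driver_load", "path": r"C:\Windows\gdrv.sys"},
    {"ts": 4, "host": "ws-03", "type": "file_create", "path": r"C:\Users\b\Documents\report.docx"},
]

if __name__ == "__main__":
    for alert in find_chain(SAMPLE_EVENTS):
        print(alert)
```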