Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
GodDamn Ransomware Employs PoisonX to Bypass Security

GodDamn Ransomware Employs PoisonX to Bypass Security

Posted on July 9, 2026 By CWS

The GodDamn ransomware has emerged as a formidable threat in the cybersecurity landscape, utilizing the PoisonX kernel driver to undermine security software. This strategy allows it to evade defenses effectively, according to a recent Symantec Threat Hunter Team report.

Background and Development

Initially detected in the wild on May 21, 2026, GodDamn ransomware is believed to be a rebranded version of the older Beast ransomware, itself a successor of Monster, which first appeared in March 2022. The developer behind these evolving ransomware families, identified as Hyadina, is under scrutiny by Broadcom’s cybersecurity branch.

In a noted attack in early June 2026, threat actors used AnyDesk for remote access and employed a NirSoft-based toolkit to harvest credentials before deploying the ransomware. The method of initial system access remains unclear. The toolkit is adept at extracting sensitive information from various sources, including web browsers, Windows Credential Manager, and live network traffic.

Exploitation Tactics

A significant aspect of the attack involves a user-mode tool masquerading as a Symantec product and the PoisonX driver to deactivate endpoint defenses through a bring your own vulnerable driver (BYOVD) approach. The PoisonX driver is particularly noteworthy for being signed by Microsoft, which enhances its ability to bypass security measures.

This driver is also part of The Gentlemen ransomware-as-a-service (RaaS) arsenal, which provides affiliates with tools to disable system defenses before encryption. Attackers exploit signed drivers to infiltrate systems, as they are automatically loaded by Windows, facilitating the neutralization of antivirus and endpoint detection processes.

Attack Execution and Impact

The attack strategy includes using PsExec for lateral movement, establishing AnyDesk on accessible hosts, and setting it as an auto-start service to maintain persistence. In some instances, the AnyDesk installation is automated using a PowerShell script pre-deployed on the system, indicating a streamlined attack process.

The operation concluded with the ransomware detected on a separate network segment by June 3, affecting files by renaming them with the victim’s name as extensions. CYFIRMA reported that the ransom note directs victims to contact the attackers via email or the qTox encrypted messaging app.

GodDamn’s use of the PoisonX driver signifies a notable advancement in evasion tactics, reflecting Hyadina’s ongoing efforts to enhance its ransomware’s capabilities, as stated by cybersecurity experts.

The Hacker News Tags:AnyDesk, BYOVD attack, credential harvesting, Cybersecurity, endpoint security, GodDamn ransomware, Hyadina, malicious drivers, PoisonX driver, PsExec, RaaS, Symantec

Post navigation

Previous Post: Everest Ransomware’s Dubious Data Theft Claim Examined
Next Post: UK Unveils Cybersecurity Strategy with AI Defense Initiative

Related Posts

Weekly Cybersecurity Recap: Major Threats and Developments Weekly Cybersecurity Recap: Major Threats and Developments The Hacker News
Why You Should Swap Passwords for Passphrases Why You Should Swap Passwords for Passphrases The Hacker News
The State of AI in the SOC 2025 The State of AI in the SOC 2025 The Hacker News
CISA Adds Two N-able N-central Flaws to Known Exploited Vulnerabilities Catalog CISA Adds Two N-able N-central Flaws to Known Exploited Vulnerabilities Catalog The Hacker News
New EVALUSION ClickFix Campaign Delivers Amatera Stealer and NetSupport RAT New EVALUSION ClickFix Campaign Delivers Amatera Stealer and NetSupport RAT The Hacker News
Google Identifies Three New Russian Malware Families Created by COLDRIVER Hackers Google Identifies Three New Russian Malware Families Created by COLDRIVER Hackers The Hacker News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • UNC6692 Exploits Microsoft Teams for SNOW Malware Attack
  • UK Unveils Cybersecurity Strategy with AI Defense Initiative
  • GodDamn Ransomware Employs PoisonX to Bypass Security
  • Everest Ransomware’s Dubious Data Theft Claim Examined
  • GhostLock Bug in Linux Kernel Earns $92k Bounty

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • UNC6692 Exploits Microsoft Teams for SNOW Malware Attack
  • UK Unveils Cybersecurity Strategy with AI Defense Initiative
  • GodDamn Ransomware Employs PoisonX to Bypass Security
  • Everest Ransomware’s Dubious Data Theft Claim Examined
  • GhostLock Bug in Linux Kernel Earns $92k Bounty

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark