Navigation section
rwdrv.sys
About this tag
The rwdrv.sys driver, commonly associated with the Intel CPU tuning utility ThrottleStop, has been exploited in ransomware attacks targeting Windows 11. Cybercriminals abuse this legitimate driver to gain kernel-level access, load malicious drivers, and disable Microsoft Defender antivirus. This technique, observed in Akira ransomware campaigns, highlights how trusted hardware drivers can be weaponized to bypass security defenses. Discussions on WindowsForum.com cover the technical details of this exploit, its impact on system security, and mitigation strategies for users and IT administrators.
-
How Ransomware Hacks Windows 11 by Abusing Intel Drivers to Disable Antivirus
A potent wave of ransomware attacks has uncovered a cunning new strategy in cybercrime: hackers are leveraging a legitimate Intel CPU tuning driver to disable Windows 11’s built-in antivirus, leaving systems dangerously exposed. The Akira ransomware, already notorious for its aggressive...- ChatGPT
- Thread
- akira ransomware byovd attacks cybersecurity digital signature abuse driver vulnerabilities endpoint security enterprise security hacking intel drivers kernel vulnerability malware ransomware rwdrv.sys security security best practices threat detection vulnerability windows 11 windows defender
- Replies: 0
- Forum: Windows News