 Gigabyte + Windows 7 8 & 10 Are At Risk!
#1
Ransomware installs Gigabyte driver
to kill antivirus products

It has been reported that a ransomware gang, those that encrypt your sensitive stuff and ask you for a fee to decrypt it (if they ever do it), has found another method to vulnerate your PC if your motherboard chipset belongs to Gigabyte. Shocked  Yes, it deactivates your Antivirus in no time. Confused

https://www.zdnet.com/article/ransomware...-products/
ZDNet wrote: In a report published late last night, Sophos described this new technique as follows:
  1. Ransomware gang gets a foothold on a victim's network.
  2. Hackers install legitimate Gigabyte kernel driver GDRV.SYS.
  3. Hackers exploit a vulnerability in this legitimate driver to gain kernel access.
  4. Attackers use the kernel access to temporarily disable the Windows OS driver signature enforcement.
  5. Hackers install a malicious kernel driver named RBNL.SYS.
  6. Attackers use this driver to disable or stop antivirus and other security products running on an infected host.
  7. Hackers execute the RobbinHood ransomware and encrypt the victim's files.
Per Sophos, this antivirus bypassing technique works on Windows 7, Windows 8, and Windows 10.

Basically what it says is that they manage to connect to your home network (by hacking your WiFi or your router?) and then place a driver that impersonates the usual Gigabyte driver. Nope, it's not like they care about your security. Laughing They just know that driver so well as to send a few commands to force it to do their bidding! Shocked They deactivate Windows features and then it's free to install the real malware that might steal all of your precious moments captured with your camera or all those valuable documents and spreadsheets you had to submit by the end of the week. Confused Antivirus gets some serious sleep and after a while you'd get a request for making a payment. Usually they keep asking for more and more money for nothing in return. Sad

ZDNet wrote: For this debacle, two parties are at fault -- first Gigabyte, and then Verisign.

Gigabyte's fault resides in its unprofessional manner in which it dealt with the vulnerability report for the affected driver. Instead of acknowledging the issue and releasing a patch, Gigabyte claimed its products were not affected.

Now you know how exactly you've ended up fearing when that massive and terrible data loss might ever happen. Sad

ZDNet wrote: The company's downright refusal to recognize the vulnerability led the researchers who found the bug to publish public details about this bug, along with proof-of-concept code to reproduce the vulnerability. This public proof-of-concept code gave attackers a roadmap to exploiting the Gigabyte driver.

When public pressure was put on the company to fix the driver, Gigabyte instead chose to discontinue it, rather than releasing a patch.

Well, usually whenever a programmer demonstrates that some piece of code is vulnerable, the companies involved in that mess do something to remedy it... except for Gigabyte! Sarcasm 

Of course, hackers like those living in North Korea or Iran or probably China as well are now fully aware of this epic fail and can now target as many affected Gigabyte-based PCs as possible. Confused

Verisign, a company in charge of driver security certificates, could have invalidated the driver's certificate as a way to tell Windows it's unsafe... but they just ignored the issue as well. Sarcasm + Confused

Keep in mind there are other variants of this kind of cyber attack that may even reboot your PC to enter safe mode and make sure you can't run any antivirus software! Shocked 

What I'd usually recommend you here would be to do any of the following:
  • Ditch Windows altogether and keep using Linux Laughing 
  • Install Linux on a separate hard disk or disk partition and then install any antivirus available for Linux that you can run to get rid of any malicious software found in your Windows partition(s).

The following section applies only to other variants of this cyberattack

Sadly Sad Houston, we got a problem here. AFAIK there's no antivirus that can check if your motherboard chips got compromised. You'd need to call a technician to flash your compromised chip, hoping it won't render your motherboard useless in case the flashing fails or keeps failing. If carefully done, it should usually work... Still, I can't guarantee that will be more than enough to get rid of the menace. Sarcasm + Confused
"For God has not destined us for wrath, but for obtaining salvation through our Lord Jesus Christ," 1 Thessalonians 5:9

Maranatha!

The Internet might be either your friend or enemy. It just depends on whether or not she has a bad hair day.

[Image: SP1-Scripter.png]
[Image: SP1-Writer.png]
[Image: SP1-Poet.png]
[Image: SP1-PixelArtist.png]
[Image: SP1-Reporter.png]

My Original Stories (available in English and Spanish)

List of Compiled Binary Executables I have published...
HiddenChest & Roole

Give me a free copy of your completed game if you include at least 2 of my scripts! Laughing + Tongue sticking out

Just some scripts I've already published on the board...
KyoGemBoost XP VX & ACE, RandomEnkounters XP, KSkillShop XP, Kolloseum States XP, KEvents XP, KScenario XP & Gosu, KyoPrizeShop XP Mangostan, Kuests XP, KyoDiscounts XP VX, ACE & MV, KChest XP VX & ACE 2016, KTelePort XP, KSkillMax XP & VX & ACE, Gem Roulette XP VX & VX Ace, KRespawnPoint XP, VX & VX Ace, GiveAway XP VX & ACE, Klearance XP VX & ACE, KUnits XP VX, ACE & Gosu 2017, KLevel XP, KRumors XP & ACE, KMonsterPals XP VX & ACE, KStatsRefill XP VX & ACE, KLotto XP VX & ACE, KItemDesc XP & VX, KPocket XP & VX
Reply
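The seven-step chain quoted from ZDNet above (legitimate GDRV.SYS loaded, then an unsigned RBNL.SYS loaded once signature enforcement is off) is something a defender can look for in driver-load telemetry. The script below is an added example, not code from the ZDNet or Sophos reports: it correlates a vulnerable-driver load with any unsigned or known-bad driver load on the same host within a short window. The record format is a constructed stand-in for a driver-load event log (the real Sysmon Event ID 6 is XML, not this pipe format), the 30-minute window is an assumption, and the host names and timestamps in the sample log are invented.

```python
"""Flag the 'vulnerable signed driver, then unsigned driver' chain from
driver-load records.  Added example; the record layout, hosts, times and
correlation window are constructed assumptions, not from the reports."""

from dataclasses import dataclass
from datetime import datetime, timedelta

KNOWN_VULNERABLE_DRIVERS = {"gdrv.sys"}   # legitimate Gigabyte driver named in the report
KNOWN_MALICIOUS_DRIVERS = {"rbnl.sys"}    # malicious follow-on driver named in the report
CHAIN_WINDOW = timedelta(minutes=30)      # assumed correlation window


@dataclass
class DriverLoad:
    ts: datetime
    host: str
    image: str            # full path of the driver file
    signature_valid: bool  # False for unsigned or invalidly signed drivers


def driver_name(path: str) -> str:
    """Lower-cased file name of a Windows driver path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def parse_line(line: str) -> DriverLoad:
    """Parse one constructed record: '<ISO time>|<host>|<path>|<Valid|Invalid|Unsigned>'."""
    ts, host, image, status = line.strip().split("|")
    return DriverLoad(datetime.fromisoformat(ts), host, image, status == "Valid")


def find_byovd_chains(events):
    """Return a list of findings.

    'vulnerable_driver_loaded' is raised for every load of a known
    vulnerable driver; 'byovd_chain' is raised when, on the same host and
    within CHAIN_WINDOW afterwards, a known-malicious or unsigned driver
    is loaded (steps 4-5 of the quoted chain)."""
    findings = []
    by_host = {}
    for e in sorted(events, key=lambda ev: ev.ts):
        by_host.setdefault(e.host, []).append(e)

    for host, evs in by_host.items():
        for i, e in enumerate(evs):
            if driver_name(e.image) not in KNOWN_VULNERABLE_DRIVERS:
                continue
            findings.append({"kind": "vulnerable_driver_loaded", "host": host,
                             "driver": e.image, "time": e.ts})
            for later in evs[i + 1:]:
                if later.ts - e.ts > CHAIN_WINDOW:
                    break
                name = driver_name(later.image)
                if name in KNOWN_MALICIOUS_DRIVERS or not later.signature_valid:
                    findings.append({"kind": "byovd_chain", "host": host,
                                     "driver": e.image, "followed_by": later.image,
                                     "time": later.ts})
    return findings


def analyze(log_text: str):
    """Parse a block of records and run the chain detection over them."""
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    return find_byovd_chains(events)


# Constructed sample log: WS-ALPHA shows the chain, WS-BRAVO is clean.
SAMPLE_LOG = """\
2020-02-07T01:10:00|WS-ALPHA|C:\\Windows\\System32\\drivers\\disk.sys|Valid
2020-02-07T01:12:30|WS-ALPHA|C:\\Windows\\Temp\\gdrv.sys|Valid
2020-02-07T01:15:05|WS-ALPHA|C:\\Windows\\Temp\\rbnl.sys|Unsigned
2020-02-07T01:20:00|WS-BRAVO|C:\\Windows\\System32\\drivers\\disk.sys|Valid
"""

if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```

A lone load of gdrv.sys still produces the first finding, because the driver is vulnerable whether or not anything follows it; the chain finding only fires when an unsigned or known-bad driver shows up on the same host shortly afterwards, which is the part that distinguishes this abuse from a normal Gigabyte utility install.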
#2
My old PC uses a Gigabyte mobo and I haven't booted it for 3 years now. It never managed to run Windows 10 (it would auto-corrupt every time I tried and Microsoft couldn't fix it) so it's still on 7. I guess I'll have to update it if I ever use it again.
Reply
#3
Dialup for the win!
Up is down, left is right and sideways is straight ahead. - Cord "Circle of Iron", 1978 (written by Bruce Lee and James Coburn... really...)
[Image: QrnbKlx.jpg]

Reply
#4
I'm sorry to tell you this, Wulfo, but your connection speed isn't a real advantage if it starts downloading the drivers while you're AFK. Laughing
Reply
#5
Assuming you have GDRV.SYS, the hacker's back door into your system....
.... which I don't. Laughing

Reply
#6
O_o? I think you haven't read the part where they infiltrate your local network to install that GDRV.SYS driver on your PC... Even if you just use a dial-up modem, how often has AOL updated its drivers? When was the last time they replaced the modem?
Reply
#7
Ahh... I use a simple USB modem. And it cannot support Gigabyte. Research is fun.

Reply