Signed, Sealed, Infected: The GodDamn Ransomware Using Microsoft Trust as a Weapon
The GodDamn ransomware operation has evolved its tactics by deploying a malicious kernel driver dubbed PoisonX, which possesses a legitimate signature from the Microsoft Hardware Compatibility Publisher. This signature allowed the driver to bypass Windows security checks and gain deep system access, where it was then used to terminate Endpoint Detection and Response (EDR) tools across ten target hosts. By neutralizing security software at the kernel level, the attackers were able to encrypt files without interference. This incident underscores a growing threat where attackers successfully infiltrate official supply chains to obtain valid digital signatures, complicating the defense strategies of enterprise security teams.