Ransomware attacks: malicious code with valid certificates
Sophos thwarts ransomware attacks with a rare, malicious driver, but signed with a valid Microsoft digital certificate. The driver targets Endpoint Detection and Response (EDR) processes. The attack is linked to the Cuba Ransomware Group. Sophos found malicious code in several drivers signed with legitimate digital certificates. The new report, Signed Driver Malware Moves up the Software Trust Chain, details the investigation that began with an attempted ransomware attack. The attackers used a malicious driver that was bundled with a legitimate Microsoft Windows Hardware Compatibility Publisher digital certificate.