Hardware drivers approved by Microsoft used in ransomware attacks

>

Researchers at Sophos (opens in new tab) have determined that vulnerabilities in Microsoft-approved hardware drivers have been exploited in ransomware attacks by a group known as Cuba.

A few files have been found on compromised machines that, according to Sophos, “work together to terminate processes or services used by different vendors of endpoint security products.”