In a report published by the security company GuidePoint Security, researchers warn that hackers can effectively bypass Microsoft Defender to install and deploy Akira ransomware.

This is done by exploiting a vulnerable driver called rwdrv.sys, a legitimate driver used by ThrottleStop, an Intel CPU tuning tool. By exploiting this driver, a hacker can gain kernel-level access to the PC.

With kernel-level access, the hacker can then load their own malicious driver, in this case hlpdrv.sys, which modifies the Windows Registry and causes Microsoft Defender to disable its protective measures.

This two-punch approach has been flagged by GuidePoint Security as the deployment method for Akira ransomware attacks, which have been ongoing since July of this year.
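A defender-side hunt for the driver chain described above, added here as an example and not taken from GuidePoint's report: it assumes only the two driver file names the article gives (rwdrv.sys and hlpdrv.sys), the standard Service Control Manager event ID 7045 for service installation, and the built-in Defender cmdlet Get-MpComputerStatus.

```powershell
# Added example: look for the two driver names from the article on a Windows host,
# check recent driver/service installs that reference them, and report Defender state.
# Assumptions: rwdrv.sys / hlpdrv.sys are the only indicators taken from the article;
# event ID 7045 (System log) is the standard "a service was installed" event.
$driverNames = @('rwdrv.sys', 'hlpdrv.sys')

# 1. Registered kernel drivers whose image path ends with one of the names
$suspectDrivers = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object {
        $path = [string]$_.PathName
        $driverNames | Where-Object { $path -and $path.ToLower().EndsWith($_) }
    } |
    Select-Object Name, PathName, State, StartMode

# 2. Service-install events from the last 30 days that mention either file name
$since = (Get-Date).AddDays(-30)
$installEvents = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 7045; StartTime = $since } `
        -ErrorAction SilentlyContinue |
    Where-Object {
        $msg = ([string]$_.Message).ToLower()
        $driverNames | Where-Object { $msg.Contains($_) }
    } |
    Select-Object TimeCreated, Message

# 3. Defender state, since the article says the malicious driver turns protection off
$mp = Get-MpComputerStatus -ErrorAction SilentlyContinue

[pscustomobject]@{
    SuspectDriversRegistered = @($suspectDrivers).Count
    SuspectInstallEvents     = @($installEvents).Count
    RealTimeProtectionOn     = if ($mp) { $mp.RealTimeProtectionEnabled } else { 'unknown' }
    AntivirusEnabled         = if ($mp) { $mp.AntivirusEnabled } else { 'unknown' }
} | Format-List

if ($suspectDrivers) { $suspectDrivers | Format-Table -AutoSize }
if ($installEvents)  { $installEvents  | Format-Table -AutoSize -Wrap }
```

Run it from an elevated PowerShell session; a non-zero count in either of the first two fields, or real-time protection reported as off on a host where it should be on, is the signal to escalate.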

To
