News Gigabyte Driver Used to Disable Antivirus Software in RobbinHood Ransomware Scheme

[Admin]

According to cybersecurity firm Sophos, RobbinHood ransomware has been making use of legitimate, but vulnerable, Gigabyte drivers to infect PCs.

Gigabyte Driver Used to Disable Antivirus Software in RobbinHood Ransomware Scheme : Read more

 

[Coolmeadow Kid]

Which Gigabyte/Aorus boards or drivers are vulnerable? That's something I would have liked to see in the original story. Maybe a link to a list. I'm not very tech savvy, so would like to know what needs to be updated to secure my systems.

 

[Chung Leong]

Which Gigabyte/Aorus boards or drivers are vulnerable? That's something I would have liked to see in the original story. Maybe a link to a list. I'm not very tech savvy, so would like to know what needs to be updated to secure my systems.

All Windows PC are vulnerable to this. There's nothing you can do to secure your system, other than not running the executable.

 

[Coolmeadow Kid]

All Windows PC are vulnerable to this. There's nothing you can do to secure your system, other than not running the executable.

Thank you for the reply. But one thing doesn't make sense, that is if all the information in the article is correct. It states that Gigabyte stopped supporting that driver instead of patching it. So did they keep using it without blocking a hacker? The way it's written, my first thought is they came out with a new driver. If Gigabyte is still using the flawed driver, quit supporting it, and didn't issue a patch, then in my eyes, they are complicit with the hackers.

 

[ko888]

Which Gigabyte/Aorus boards or drivers are vulnerable? That's something I would have liked to see in the original story. Maybe a link to a list. I'm not very tech savvy, so would like to know what needs to be updated to secure my systems.

BleepingComputer lists these four apps as having the vulnerability:

GIGABYTE App Center (v1.05.21 and below)
AORUS Graphics Engine (v1.33 and below)
XTREME Engine utility (v1.25 and earlier)
OC Guru II (v2.08)

 

[razor512]

Was just about to post that, just found it crazy how the article lacked that info. The source article linked to the CVE that detailed the issue, but subsequent articles skipped it.
This gives the false impression that there is nothing you can do when in reality, it is a few applications that no one uses.

 

[Chung Leong]

If Gigabyte is still using the flawed driver, quit supporting it, and didn't issue a patch, then in my eyes, they are complicit with the hackers.

The vulnerability can't be eliminated by a patch. The crooks will just continue to bundle the vulnerable version of the driver. To stop the OS from trusting the driver, the key used to sign it has to be revoked. But that would render other drivers signed with the same key unusable as well.

 

[Chung Leong]

This gives the false impression that there is nothing you can do when in reality, it is a few applications that no one uses.

You're missing the point. In a ransomeware scenario, the victim is tricked into downloading and running the malware. The vulnerable driver doesn't need to be present prior to the attack. The malware itself can install it. Windows will ask for permission but the mildly worded warning won't defer people.

 

[Coolmeadow Kid]

BleepingComputer lists these four apps as having the vulnerability:

GIGABYTE App Center (v1.05.21 and below)
AORUS Graphics Engine (v1.33 and below)
XTREME Engine utility (v1.25 and earlier)
OC Guru II (v2.08)

Thanks! That's what I was looking for. I think.

 

[littleleo]

All Windows PC are vulnerable to this. There's nothing you can do to secure your system, other than not running the executable.

We can stop buying Gigabytet motherboards until they change their thinking. Loss of sales usually will get their attention.