Akira Ransomware Hijacks Intel Driver: A Comedy of Errors in Cybersecurity

Akira ransomware is sidelining Microsoft Defender by abusing rwdrv.sys, the legitimately signed driver that ships with the ThrottleStop CPU tuning utility. This Bring Your Own Vulnerable Driver (BYOVD) attack has Microsoft Defender singing lullabies instead of defending computers. Brace yourself, SonicWall VPN users, because Akira’s got its eyes on you too!


Hot Take:

When life gives you lemons, make lemonade. And when Windows happily loads a legitimate, signed driver, use it as your exploit! Akira ransomware is turning the tables on Microsoft Defender with the driver from ThrottleStop, an Intel CPU tuning utility, riding its kernel-level read/write access straight past the security software. It’s like using a butter knife to rob a bank—unexpected, but apparently effective!

Key Points:

  • Akira ransomware is loading ‘rwdrv.sys’, the signed driver bundled with the ThrottleStop Intel CPU tuning utility, to gain kernel-level access and disable Microsoft Defender.
  • The attack is a ‘Bring Your Own Vulnerable Driver’ (BYOVD) tactic: the attacker installs a legitimate but exploitable driver so Windows accepts it, then uses its privileged access to switch off security tooling.
  • GuidePoint Security has provided a YARA rule and indicators of compromise (IoCs) for detection.
  • Akira has been linked to attacks on SonicWall VPNs, possibly exploiting a zero-day vulnerability.
  • Attackers use the Bumblebee malware loader, trojanized MSI installers, and multiple backdoor tools.
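Because BYOVD drivers carry a valid signature, signature checks alone will not flag them; the useful telemetry is the driver-load event itself. The following hunting helper is an added example, not code from the original article or from GuidePoint Security, and it does not reproduce their YARA rule or IoCs. It scans constructed event records shaped like Windows System log EventID 7045 (new kernel service installed) and Sysmon EventID 6 (driver loaded), flags every load of rwdrv.sys, and escalates loads from attacker-style staging folders. The directory heuristic and the sample records are assumptions for the demo.

```python
"""Hunting helper for BYOVD abuse of rwdrv.sys (ThrottleStop's driver).

Added example; not code from the original article or from GuidePoint
Security. The event records below are constructed for the demo and
mimic two Windows log sources that record driver loads:
  - System log EventID 7045  (a new kernel service/driver was installed)
  - Sysmon     EventID 6     (driver loaded, with signature info)
In production, feed exported EVTX/JSON records into the same functions.
"""
from __future__ import annotations
from dataclasses import dataclass
import ntpath

DRIVER_NAME = "rwdrv.sys"

# Heuristic (assumption): the legitimate ThrottleStop utility loads
# rwdrv.sys from its own install folder. Loads from the staging
# locations attackers favour are treated as high confidence.
SUSPICIOUS_DIR_MARKERS = (
    "\\temp\\", "\\programdata\\", "\\users\\public\\",
    "\\appdata\\", "\\perflogs\\", "\\recycle",
)


@dataclass
class DriverEvent:
    event_id: int         # 7045 (System log) or 6 (Sysmon)
    image_path: str       # path of the .sys file being loaded
    signed: bool = True   # Sysmon 'Signed' field; BYOVD drivers ARE validly signed
    signature: str = ""   # Sysmon 'Signature' (signer subject), if available


def is_rwdrv_load(ev: DriverEvent) -> bool:
    """True when the event records a load of rwdrv.sys, regardless of path case."""
    if ev.event_id not in (7045, 6):
        return False
    return ntpath.basename(ev.image_path).lower() == DRIVER_NAME


def classify(ev: DriverEvent) -> tuple[str, list[str]]:
    """Return (severity, reasons); severity is 'none', 'medium' or 'high'."""
    if not is_rwdrv_load(ev):
        return "none", []
    reasons = [f"load of {DRIVER_NAME} (event {ev.event_id})"]
    severity = "medium"   # ThrottleStop is rare on servers: every load is worth a ticket
    low_path = ev.image_path.lower()
    if any(marker in low_path for marker in SUSPICIOUS_DIR_MARKERS):
        reasons.append(f"unexpected directory: {ev.image_path}")
        severity = "high"
    if not ev.signed:
        # BYOVD relies on a driver that passes signature checks; an unsigned
        # copy is a different (tampered) problem but still worth reporting.
        reasons.append("driver signature not verified")
        severity = "high"
    return severity, reasons


def hunt(events: list[DriverEvent]) -> list[dict]:
    """Run classify() over a log export and keep only the hits."""
    findings = []
    for ev in events:
        severity, reasons = classify(ev)
        if severity != "none":
            findings.append({"path": ev.image_path, "severity": severity, "reasons": reasons})
    return findings


# Constructed sample records (not real telemetry).
SAMPLE_EVENTS = [
    DriverEvent(7045, r"C:\Program Files\ThrottleStop\rwdrv.sys"),       # looks like a real install
    DriverEvent(6, r"C:\ProgramData\rwdrv.sys"),                          # staged by an attacker
    DriverEvent(6, r"C:\Windows\System32\drivers\mssmbios.sys"),          # unrelated driver
    DriverEvent(6, r"C:\Users\Public\RWDRV.SYS", signed=False),           # tampered copy
]

if __name__ == "__main__":
    for finding in hunt(SAMPLE_EVENTS):
        print(f"[{finding['severity'].upper()}] {finding['path']}: " + "; ".join(finding["reasons"]))
```

Treat the medium-severity hit as a question for the asset owner (is ThrottleStop actually installed here?), and the high-severity hits as incident triggers; pair the hunt with GuidePoint's published YARA rule and IoCs for the matching file hashes.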

The Nimble Nerd