New GodDamn ransomware emerges as rebranded Beast variant using kernel-level evasion
By
Mr Bagel
A new ransomware family called GodDamn has been spotted in the wild, employing a kernel-level driver to disable endpoint defenses, according to cybersecurity researchers. Symantec's Threat Hunter Team reported that the ransomware was first publicly observed on May 21, 2026, and assess it to be a rebranding of the Beast ransomware.
"employs the PoisonX kernel driver to neutralize security software as part of its defense evasion strategy."
This technique, which operates at the kernel level, allows GodDamn to bypass or terminate security tools before carrying out its encryption routine, making it particularly dangerous for organizations relying on standard endpoint protection.
"It's assessed to be a rebrand of the Beast ransomware."
The connection to Beast ransomware suggests that the operators may be leveraging existing code and infrastructure, giving them a head start over defenders who might have been tracking the older variant.
Symantec's analysis indicates that GodDamn is still emerging, but its use of the PoisonX driver shows a deliberate effort to evade detection at a fundamental level. Researchers urge organizations to update their security policies and monitor for unusual kernel-level activity as a countermeasure.
The reporting
2 outlets covered this story. Each links to the original.
Baker's Take
Comments
Sign in to join the conversation.
No comments yet. Be the first.