All Topics
All Topics
Technology
Technology
AI
AI
Business
Business
Entertainment
Entertainment
News
News
Programming
Programming
Science
Science
Design
Design
Environment
Environment
Finance
Finance
Crypto
Crypto
Politics
Politics
Sports
Sports
Education
Education
Gaming
Gaming
Art
Art
Music
Music
Health
Health
Security
Security
Books
Books
Food
Food
Travel
Travel
Personal
Personal
Bluesky
Twitter
First reported by thecybersecurity.news
GodDamn Ransomware Uses PoisonX Driver to Disable Endpoint Defenses

GodDamn Ransomware Uses PoisonX Driver and Credential Harvesting to Bypass Endpoint Defenses

GodDamn ransomware, first observed on May 21, 2026, is a rebrand of the Beast/Monster ransomware family developed by the threat actor Hyadina. In early June 2026 attacks, the ransomware operators used AnyDesk for remote access, a NirSoft-based credential harvesting toolkit to extract data from browsers and Windows Credential Manager, and the PoisonX signed kernel driver to disable endpoint defenses before encrypting systems.

6h ago1 min readenNews
Read on briefly.co

Key quotes

GodDamn ransomware was first publicly observed in the wild on May 21, 2026 and is assessed as a rebrand of Beast, which is an enhanced version of Monster, a Delphi-based ransomware that appeared in March 2022.
In an early June 2026 attack, attackers used AnyDesk for remote access and a NirSoft-based credential harvesting toolkit to extract data from browsers, Windows Credential Manager, cached domain credentials.
GodDamn ransomware uses the PoisonX signed kernel driver and credential harvesting plus AnyDesk access to disable defenses and encrypt systems.

You might also wanna read

Comments

Sign in to join the conversation.

No comments yet. Be the first.