First reported by thecybersecurity.news
GodDamn Ransomware Uses PoisonX Driver to Disable Endpoint Defenses
GodDamn Ransomware Uses PoisonX Driver and Credential Harvesting to Bypass Endpoint Defenses
GodDamn ransomware, first observed on May 21, 2026, is a rebrand of the Beast/Monster ransomware family developed by the threat actor Hyadina. In early June 2026 attacks, the ransomware operators used AnyDesk for remote access, a NirSoft-based credential harvesting toolkit to extract data from browsers and Windows Credential Manager, and the PoisonX signed kernel driver to disable endpoint defenses before encrypting systems.
6h ago1 min readenNews
Key quotes
GodDamn ransomware was first publicly observed in the wild on May 21, 2026 and is assessed as a rebrand of Beast, which is an enhanced version of Monster, a Delphi-based ransomware that appeared in March 2022.
In an early June 2026 attack, attackers used AnyDesk for remote access and a NirSoft-based credential harvesting toolkit to extract data from browsers, Windows Credential Manager, cached domain credentials.
GodDamn ransomware uses the PoisonX signed kernel driver and credential harvesting plus AnyDesk access to disable defenses and encrypt systems.
You might also wanna read
GodDamn Ransomware Uses PoisonX Driver to Disable Endpoint Defenses
thehackernews.com·7h ago
GodDamn Ransomware Uses PoisonX Driver to Disable Endpoint Defenses
thecybersecurity.news·7h ago
GodDamn Ransomware Employs PoisonX to Bypass Security
Cyber Web Spider Blog·3h ago
GodDamn-Ransomware setzt auf den PoisonX-Treiber zur Abschaltung von Endpoint-Defenses
IT BOLTWISE·5h ago
From Armillaria loader to EDR killer
ThreatLocker·14d ago
AI-Generated Browser Ransomware Abuses Chromium API on Windows, Linux, macOS, Android
thehackernews.com·8d ago

Comments
Sign in to join the conversation.
No comments yet. Be the first.