Researchers at Sophos have identified that vulnerabilities in Microsoft-approved hardware drivers have been exploited in ransomware attacks by a group known as Cuba.
A pair of files were found on compromised machines that Sophos says “work together to terminate processes or services used by a variety of endpoint security product vendors.”
Sophos says it “kicked the attackers off the systems” before things escalated, so it cannot be sure what sort of attacks (if any) would have followed, though some of the evidence points to a variant of malware known as ‘BURNTCIGAR’.