There is a security vulnerability doing the rounds, but this one is a little bit different – and potentially more dangerous – because it acts as a wedge to hold the door open for a second piece of malware to be installed. And your PC will know nothing about it, until it’s too late!
How it works
Cyber-criminals will send a file (usually by email) or embed it within a link, usually from a ‘recognisable’ source. If you open the file, it will install a driver on your PC for an old piece of hardware.
The driver is already digitally signed (it effectively comes with the green light to go ahead), so your PC lets it in. Windows won’t flag it and neither will your Anti-Virus, because it’s deemed to be ‘approved’.
This driver acts as a wedge, which then holds the door open for the hackers to be able to install their own driver, deactivate your anti-virus and then proceed to run RobinHood ransomware that will encrypt files on the infected systems.
What do I do if I think I’ve been compromised?
Contact your IT team immediately!
How can I protect myself?
Vigilance! As always, be careful with clicks, links and opening files which you are not expecting. If in doubt, contact your IT team!
Privilege Management Make sure you are not running as an Administrator on your PC – and if you need Administrator rights, then make sure this is done under a second, separate account that is not used for normal business operation.