{"id":33254,"date":"2020-02-11T02:00:32","date_gmt":"2020-02-11T02:00:32","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/forgotten-motherboard-driver-turns-out-to-be-perfect-for-slipping-windows-ransomware-past-antivirus-checks\/"},"modified":"2020-02-11T02:00:32","modified_gmt":"2020-02-11T02:00:32","slug":"forgotten-motherboard-driver-turns-out-to-be-perfect-for-slipping-windows-ransomware-past-antivirus-checks","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/forgotten-motherboard-driver-turns-out-to-be-perfect-for-slipping-windows-ransomware-past-antivirus-checks\/","title":{"rendered":"Forgotten motherboard driver turns out to be perfect for slipping Windows ransomware past antivirus checks"},"content":{"rendered":"<p>A kernel-level driver for old PC motherboards has been abused by criminals to hijack Windows computers, disable antivirus, and hold files to ransom.<\/p>\n<p>Sophos <a target=\"_blank\" rel=\"nofollow noopener noreferrer\" href=\"https:\/\/news.sophos.com\/en-us\/2020\/02\/06\/living-off-another-land-ransomware-borrows-vulnerable-driver-to-remove-security-software\/\">this month reported<\/a> that an arbitrary read-write flaw in a digitally signed driver for now-deprecated Gigabyte hardware was recently used by ransomware, dubbed Robbinhood, to quietly switch off security safeguards on Windows 7, 8 and 10 machines.<\/p>\n<p>The problem, said Sophos, is that while Gigabyte stopped supporting and shipping the driver a while back, the software&#8217;s cryptographic signature is still valid. And so, when the ransomware infects a computer \u2013 either by some other exploit or by tricking a victim into running it \u2013 and loads the driver, the operating system and antivirus packages will allow it because the driver appears legit.<\/p>\n<p>At that point, the ransomware exploits the security flaw in the Gigabyte driver to alter memory to bypass protection mechanisms and inject malicious code into kernel space, completely compromising the box and allowing the file-scrambling component to run unhindered.<\/p>\n<p>&#8220;In this attack scenario, the criminals have used the Gigabyte driver as a wedge so they could load a second, unsigned driver into Windows,&#8221; Sophos explains. &#8220;This second driver then goes to great lengths to kill processes and files belonging to endpoint security products, bypassing tamper protection, to enable the ransomware to attack without interference.&#8221;<\/p>\n<div class=\"promo_article\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/regmedia.co.uk\/2017\/05\/12\/ransomware.jpg?x=174&amp;y=115&amp;crop=1\" width=\"174\" height=\"115\" alt=\"ransomware\"><\/p>\n<h2 title=\"Top military officers talk about response thresholds at French shindig\">WannaCry ransomware attack on NHS could have triggered NATO reaction, says German cybergeneral<\/h2>\n<p><a href=\"https:\/\/www.theregister.co.uk\/2020\/02\/03\/wannacry_nato_response\/\"><span>READ MORE<\/span><\/a><\/div>\n<p>Specifically, RobbinHood loads the Gigabyte driver, exploits the read-write hole to turn off code-signing checks, loads its own unsigned driver unobstructed, and then instructs it to kill off the processes and files of antivirus products, including their kernel drivers. RobbinHood may well require administrator access to load the vulnerable motherboard driver in the first place, so you may be thinking what&#8217;s the point of all of this: if you&#8217;re a miscreant with admin access, you can do anything you like.<\/p>\n<p>However, the aim appears to be the silent killing of any anti-malware products that would block the malicious unsigned driver loading and\/or the file-scrambling process, all without alerting any users.<\/p>\n<p>After their files are scrambled, victims can either pay to retrieve their files or hope to restore from a previous good backup. In the case of Robbinhood, those infected have included the cities of Baltimore, MD and Greenville, NC, in the US.<\/p>\n<p>Because the malware can download and run its own signed yet vulnerable copy of the software, patching the driver won&#8217;t guarantee safety. Instead, Sophos recommends admins limit who has superuser access, layer security protections to minimize the spread of malware and its damaging effects, enforce best practices with passwords and multi-factor authentication, and educate users so that the trojan can&#8217;t get a foothold on their machines in the first place. Plus the usual drum beat of patching and keeping antivirus up to date.<\/p>\n<p>We&#8217;ll let you know if Symantec, which now owns the outfit that signed the driver for Gigabyte, has any comment or has revoked the software&#8217;s digital certificate to prevent it from running. \u00ae<\/p>\n<p class=\"wptl btm\"><span>Sponsored:<\/span> <a href=\"https:\/\/go.theregister.co.uk\/tl\/1889\/-8120\/detecting-cyber-attacks-as-a-small-to-medium-business?td=wptl1889\">Detecting cyber attacks as a small to medium business<\/a><\/p>\n<p>READ MORE <a href=\"https:\/\/go.theregister.co.uk\/feed\/www.theregister.co.uk\/2020\/02\/11\/forgotten_gigabte_driver_robbinhood\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Old Gigabyte code lets file-scrambling RobbinHood go undetected A kernel-level driver for old PC motherboards has been abused by criminals to hijack Windows computers, disable antivirus, and hold files to ransom.\u2026  READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":33255,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[],"class_list":["post-33254","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-register"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Forgotten motherboard driver turns out to be perfect for slipping Windows ransomware past antivirus checks 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/forgotten-motherboard-driver-turns-out-to-be-perfect-for-slipping-windows-ransomware-past-antivirus-checks\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Forgotten motherboard driver turns out to be perfect for slipping Windows ransomware past antivirus checks 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/forgotten-motherboard-driver-turns-out-to-be-perfect-for-slipping-windows-ransomware-past-antivirus-checks\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2020-02-11T02:00:32+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/02\/forgotten-motherboard-driver-turns-out-to-be-perfect-for-slipping-windows-ransomware-past-antivirus-checks.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"174\" \/>\n\t<meta property=\"og:image:height\" content=\"115\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/forgotten-motherboard-driver-turns-out-to-be-perfect-for-slipping-windows-ransomware-past-antivirus-checks\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/forgotten-motherboard-driver-turns-out-to-be-perfect-for-slipping-windows-ransomware-past-antivirus-checks\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Forgotten motherboard driver turns out to be perfect for slipping Windows ransomware past antivirus checks\",\"datePublished\":\"2020-02-11T02:00:32+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/forgotten-motherboard-driver-turns-out-to-be-perfect-for-slipping-windows-ransomware-past-antivirus-checks\\\/\"},\"wordCount\":533,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/forgotten-motherboard-driver-turns-out-to-be-perfect-for-slipping-windows-ransomware-past-antivirus-checks\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/02\\\/forgotten-motherboard-driver-turns-out-to-be-perfect-for-slipping-windows-ransomware-past-antivirus-checks.jpg\",\"articleSection\":[\"The Register\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/forgotten-motherboard-driver-turns-out-to-be-perfect-for-slipping-windows-ransomware-past-antivirus-checks\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/forgotten-motherboard-driver-turns-out-to-be-perfect-for-slipping-windows-ransomware-past-antivirus-checks\\\/\",\"name\":\"Forgotten motherboard driver turns out to be perfect for slipping Windows ransomware past antivirus checks 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/forgotten-motherboard-driver-turns-out-to-be-perfect-for-slipping-windows-ransomware-past-antivirus-checks\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/forgotten-motherboard-driver-turns-out-to-be-perfect-for-slipping-windows-ransomware-past-antivirus-checks\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/02\\\/forgotten-motherboard-driver-turns-out-to-be-perfect-for-slipping-windows-ransomware-past-antivirus-checks.jpg\",\"datePublished\":\"2020-02-11T02:00:32+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/forgotten-motherboard-driver-turns-out-to-be-perfect-for-slipping-windows-ransomware-past-antivirus-checks\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/forgotten-motherboard-driver-turns-out-to-be-perfect-for-slipping-windows-ransomware-past-antivirus-checks\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/forgotten-motherboard-driver-turns-out-to-be-perfect-for-slipping-windows-ransomware-past-antivirus-checks\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/02\\\/forgotten-motherboard-driver-turns-out-to-be-perfect-for-slipping-windows-ransomware-past-antivirus-checks.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/02\\\/forgotten-motherboard-driver-turns-out-to-be-perfect-for-slipping-windows-ransomware-past-antivirus-checks.jpg\",\"width\":174,\"height\":115},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/forgotten-motherboard-driver-turns-out-to-be-perfect-for-slipping-windows-ransomware-past-antivirus-checks\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Forgotten motherboard driver turns out to be perfect for slipping Windows ransomware past antivirus checks\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Forgotten motherboard driver turns out to be perfect for slipping Windows ransomware past antivirus checks 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/forgotten-motherboard-driver-turns-out-to-be-perfect-for-slipping-windows-ransomware-past-antivirus-checks\/","og_locale":"en_US","og_type":"article","og_title":"Forgotten motherboard driver turns out to be perfect for slipping Windows ransomware past antivirus checks 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/forgotten-motherboard-driver-turns-out-to-be-perfect-for-slipping-windows-ransomware-past-antivirus-checks\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2020-02-11T02:00:32+00:00","og_image":[{"width":174,"height":115,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/02\/forgotten-motherboard-driver-turns-out-to-be-perfect-for-slipping-windows-ransomware-past-antivirus-checks.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/forgotten-motherboard-driver-turns-out-to-be-perfect-for-slipping-windows-ransomware-past-antivirus-checks\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/forgotten-motherboard-driver-turns-out-to-be-perfect-for-slipping-windows-ransomware-past-antivirus-checks\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Forgotten motherboard driver turns out to be perfect for slipping Windows ransomware past antivirus checks","datePublished":"2020-02-11T02:00:32+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/forgotten-motherboard-driver-turns-out-to-be-perfect-for-slipping-windows-ransomware-past-antivirus-checks\/"},"wordCount":533,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/forgotten-motherboard-driver-turns-out-to-be-perfect-for-slipping-windows-ransomware-past-antivirus-checks\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/02\/forgotten-motherboard-driver-turns-out-to-be-perfect-for-slipping-windows-ransomware-past-antivirus-checks.jpg","articleSection":["The Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/forgotten-motherboard-driver-turns-out-to-be-perfect-for-slipping-windows-ransomware-past-antivirus-checks\/","url":"https:\/\/www.threatshub.org\/blog\/forgotten-motherboard-driver-turns-out-to-be-perfect-for-slipping-windows-ransomware-past-antivirus-checks\/","name":"Forgotten motherboard driver turns out to be perfect for slipping Windows ransomware past antivirus checks 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/forgotten-motherboard-driver-turns-out-to-be-perfect-for-slipping-windows-ransomware-past-antivirus-checks\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/forgotten-motherboard-driver-turns-out-to-be-perfect-for-slipping-windows-ransomware-past-antivirus-checks\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/02\/forgotten-motherboard-driver-turns-out-to-be-perfect-for-slipping-windows-ransomware-past-antivirus-checks.jpg","datePublished":"2020-02-11T02:00:32+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/forgotten-motherboard-driver-turns-out-to-be-perfect-for-slipping-windows-ransomware-past-antivirus-checks\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/forgotten-motherboard-driver-turns-out-to-be-perfect-for-slipping-windows-ransomware-past-antivirus-checks\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/forgotten-motherboard-driver-turns-out-to-be-perfect-for-slipping-windows-ransomware-past-antivirus-checks\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/02\/forgotten-motherboard-driver-turns-out-to-be-perfect-for-slipping-windows-ransomware-past-antivirus-checks.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/02\/forgotten-motherboard-driver-turns-out-to-be-perfect-for-slipping-windows-ransomware-past-antivirus-checks.jpg","width":174,"height":115},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/forgotten-motherboard-driver-turns-out-to-be-perfect-for-slipping-windows-ransomware-past-antivirus-checks\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Forgotten motherboard driver turns out to be perfect for slipping Windows ransomware past antivirus checks"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/33254","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=33254"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/33254\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/33255"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=33254"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=33254"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=33254"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}