Most computers running modern Windows rely on Microsoft Defender as the first line of defense against malware. Over the years, it has developed into a capable tool that can block a wide range of threats. But hackers have found a way to abuse a legitimate Intel CPU driver in a "Bring Your Own Vulnerable Driver" (BYOVD) attack to completely disable Microsoft Defender.
This technique has been observed since mid-July 2025 and is already being used in active ransomware campaigns. The method does not depend on exploiting a software bug or delivering an obviously malicious file. Instead, it takes advantage of how the Windows driver system is designed to allow deep access to hardware.
Let’s discuss everything you need to know about the attack and how you can stay safe.

The Akira ransomware group abuses a legitimate CPU driver in cyberattacks to completely disable Microsoft Defender on Windows systems. (Kurt "CyberGuy" Knutsson)
How Akira ransomware disables Microsoft Defender
The Akira ransomware group has developed a new way to get past security tools using the legitimate Intel CPU driver rwdrv.sys, which is used by the ThrottleStop performance tool. Security firm GuidePoint Security says the attackers load this driver to gain kernel-level access to Windows systems, then install a second, malicious driver, hlpdrv.sys, which changes the DisableAntiSpyware registry setting via regedit.exe to turn off Microsoft Defender.
Once Defender is disabled, the attackers can run other malicious programs without detection. GuidePoint says this method has been consistently observed in Akira campaigns since mid-July.
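A defender-side check for the sequence described above, as an added example that is not from the article or from GuidePoint: it correlates simplified, constructed Sysmon-style events (a driver load followed by the DisableAntiSpyware policy value being set to 1). The event shape, the 30-minute window and the full registry path are assumptions; only the driver file names and the value name come from the article.

```python
from datetime import datetime, timedelta

DRIVERS = {"rwdrv.sys", "hlpdrv.sys"}   # file names from the article
WINDOW = timedelta(minutes=30)          # assumed correlation window
# Standard Defender policy value (the article gives only the value name).
POLICY_SUFFIX = r"\policies\microsoft\windows defender\disableantispyware"

# Constructed events in a simplified Sysmon shape (not real telemetry):
# id 6 = driver loaded, id 13 = registry value set. Paths are placeholders.
SAMPLE_EVENTS = [
    {"host": "ws01", "time": "2025-08-01T10:00:05", "id": 6,
     "ImageLoaded": r"C:\ExamplePath\rwdrv.sys"},
    {"host": "ws01", "time": "2025-08-01T10:01:10", "id": 6,
     "ImageLoaded": r"C:\ExamplePath\HLPDRV.SYS"},
    {"host": "ws01", "time": "2025-08-01T10:01:40", "id": 13,
     "Image": r"C:\Windows\regedit.exe", "Details": "DWORD (0x00000001)",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware"},
    {"host": "ws02", "time": "2025-08-01T11:00:00", "id": 13,
     "Image": r"C:\Windows\regedit.exe", "Details": "DWORD (0x00000001)",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware"},
    {"host": "ws03", "time": "2025-08-01T12:00:00", "id": 6,
     "ImageLoaded": r"C:\ExamplePath\rwdrv.sys"},
]

def basename(path):
    return path.rsplit("\\", 1)[-1].lower()

def disables_defender(ev):
    """True when a registry-set event turns DisableAntiSpyware on (value 1)."""
    return (ev["TargetObject"].lower().endswith(POLICY_SUFFIX)
            and "0x00000001" in ev["Details"])

def find_defender_tampering(events):
    """Alert on DisableAntiSpyware=1 writes; high if a listed driver loaded first."""
    loads, alerts = {}, []
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        if ev["id"] == 6 and basename(ev["ImageLoaded"]) in DRIVERS:
            loads.setdefault(ev["host"], []).append((when, basename(ev["ImageLoaded"])))
        elif ev["id"] == 13 and disables_defender(ev):
            seen = sorted({d for t, d in loads.get(ev["host"], []) if when - t <= WINDOW})
            alerts.append({"host": ev["host"], "time": ev["time"],
                           "process": basename(ev["Image"]), "drivers": seen,
                           "severity": "high" if seen else "medium"})
    return alerts

if __name__ == "__main__":
    for alert in find_defender_tampering(SAMPLE_EVENTS):
        print(alert)
```

A lone rwdrv.sys load (ws03 in the sample) raises nothing, because the driver also ships with legitimate ThrottleStop installs; the alert fires on the policy write and is raised to high only when the driver load precedes it.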

The Akira ransomware group infiltrates Windows operating systems by exploiting a legitimate driver to gain access. (Kurt "CyberGuy" Knutsson)
Akira ransomware targets Microsoft Defender and SonicWall VPNs
The same group has also been linked to attacks targeting SonicWall VPN devices. SonicWall stated that these incidents probably involve a known vulnerability, CVE-2024-40766, rather than a new zero-day. The company recommends restricting VPN access, enabling multi-factor authentication, and disabling unused accounts as immediate defenses.
Akira attacks often include data theft, hidden remote access, and the deployment of ransomware to encrypt files across the organization. Security experts warn that fake or look-alike websites are increasingly being used to distribute these malicious tools.
Researchers at GuidePoint published a YARA detection rule, along with file names, service names, SHA-256 hashes, and file paths to help identify this activity. Officials recommend actively monitoring for these indicators, applying filtering rules and blocks as new IOCs emerge, and downloading software only from official or verified sources.
We reached out to Microsoft for comment but did not hear back before our deadline.

6 ways to protect yourself against Akira ransomware and similar threats
The attack on Microsoft Defender is clever and dangerous, but you are not without defenses. Here are some tips to help you stay safe:
1) Use strong antivirus software
Even with regular updates, Windows can be left exposed if its built-in defenses are disabled. Strong antivirus software with real-time protection, kernel-level monitoring, and frequent updates can provide a backup layer of safety. The best way to protect yourself from malicious links that install malware, which may then access your private information, is to install strong antivirus software on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.
2) Reduce your exposure
Many exploits depend on user interaction, such as clicking a shady link, downloading a compromised file, or mounting an untrusted virtual disk. Stick to reputable websites, avoid opening unsolicited email attachments, and use a browser with built-in security features (such as Microsoft Edge or Chrome with Safe Browsing).
3) Avoid running unexpected commands
Do not paste or run commands (such as PowerShell) that you do not understand or that were copied from random websites. Attackers often trick users into unknowingly running malware this way.
4) Keep your software updated
Update your operating system, browsers, and all software applications regularly. Updates often include patches for security vulnerabilities that malware can exploit.
5) Use two-factor authentication (2FA)
Enable 2FA on all your accounts. This adds an extra layer of security by requiring a second form of verification, which makes it harder for attackers to get in even if they have your password.
6) Invest in personal data removal services
Even with strong device security, your personal information may still be exposed online through data brokers and people-search sites.
While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They are not cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It is what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of attackers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.
Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.
Kurt's key takeaway
Akira's trick shows a bigger flaw in how Windows trusts certain tools. A harmless driver for controlling the CPU ends up being an off switch for security. Because it comes from a legitimate source, Windows simply allows it without asking questions. We tend to think of hackers as breaking in from the outside. Here, they are already inside the circle of trust, using the system's own rules.
Should Microsoft do more to stop ransomware groups from disabling Defender? Let us know by writing to us at Cyberguy.com.
Copyright 2025 Cyberguy.com. All rights reserved.