A New Threat: Akira Ransomware Disables Microsoft Defender Using Legitimate Driver

Most modern Windows PCs rely on Microsoft Defender as their first line of defense against malware. Over the years, it has evolved into a capable and often underrated antivirus that blocks a wide range of threats. But a hacker group has found a way to abuse a legitimate Intel CPU tuning driver in a “Bring Your Own Vulnerable Driver” (BYOVD) attack to completely disable Microsoft Defender.

The technique has been observed since mid-July 2025 and is already being used in active ransomware campaigns. The method doesn’t rely on exploiting a software bug or delivering an obviously malicious file. Instead, it takes advantage of how the Windows driver system is designed to allow deep hardware access.

Akira Ransomware Targets Microsoft Defender and SonicWall VPNs

The same group has also been linked to attacks targeting SonicWall VPN devices. SonicWall has stated that these incidents likely involve a known vulnerability, CVE-2024-40766, rather than a brand-new zero-day. The company recommends restricting VPN access, enabling multi-factor authentication, and disabling unused accounts as immediate defenses.

See also  Never need an EV charging station again with these rooftop solar power panels

Akira attacks often involve stealing data, setting up hidden remote access, and deploying ransomware to encrypt files across an organization. Security experts warn that fake or lookalike websites are increasingly being used to distribute these malicious tools.

6 Ways to Protect Yourself Against Akira Ransomware and Similar Threats

The Microsoft Defender attack is smart and dangerous, but you’re not without defenses. Here are a few tips to help you stay safe:

1) Use Strong Antivirus Software

Even with regular updates, Windows systems can be left exposed if built-in defenses are disabled. A strong antivirus software with real-time protection, kernel-level monitoring, and frequent updates can provide backup security.

2) Limit Exposure

Many exploits rely on user interaction, such as clicking a shady link, downloading a compromised file, or mounting an untrusted virtual disk. Stick to reputable websites, avoid opening unsolicited email attachments, and use a browser with built-in security features.

3) Avoid Running Unexpected Commands

Never paste or run commands you don’t understand or that were copied from random websites. Attackers often trick users into unknowingly running malware this way.

4) Keep Your Software Updated

Regularly update your operating system, browsers, and all software applications. Updates often include patches for security vulnerabilities that malware can exploit.

5) Use Two-Factor Authentication (2FA)

Enable 2FA on all your accounts. This adds an extra layer of security by requiring a second form of verification, making it harder for attackers to gain access even if they have your password.

6) Invest in Personal Data Removal Services

Even with strong device security, your personal information may still be exposed online through data brokers and people-finder sites.

See also  Biden admin suppressed intel officials' views supporting COVID lab leak theory

Kurt’s Key Takeaway

Akira’s trick shows a bigger flaw in how Windows trusts certain tools. A driver meant for harmless CPU tuning ends up being the key to turning security off. Since it’s from a legitimate source, Windows just lets it through without asking questions. We tend to think hackers always break in from the outside. Here, they’re already inside the circle of trust, using the system’s own rules.

Copyright 2025 CyberGuy.com. All rights reserved.