Ransomware scum abusing Microsoft Windows-signed driver
Briefly

Ransomware criminals are exploiting a security flaw in the Paragon Partition Manager's trusted Windows kernel-level driver, BioNTdrv.sys. This driver, designed for managing storage partitions, is Microsoft-approved and signed, which lets attackers misuse it to gain SYSTEM-level access. Even if the Paragon application is not installed, attackers can use the BYOVD (bring your own vulnerable driver) technique, dropping their own copy of the signed driver onto a target and loading it. CERT/CC has identified five vulnerabilities in the driver that have already been exploited in the wild, putting users at risk of significant damage.
The exploitation of Paragon Partition Manager’s trusted kernel-level driver allows attackers to hijack systems through the BYOVD technique, even without Paragon installed.
According to CERT/CC, one of the five now-fixed security flaws in Paragon Partition Manager's driver has been abused in the wild by ransomware miscreants.
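As an added defender-side triage check (not part of The Register's piece or of Paragon's software), the PowerShell below looks for a registered kernel driver named BioNTdrv.sys, reports its file version and Authenticode status, and shows whether Microsoft's Vulnerable Driver Blocklist is enabled; the driver filename is taken from the article, and the registry toggle is Microsoft's documented blocklist setting.

```powershell
# Added example: hunt for the BioNTdrv.sys driver named in the article and
# report the state of the systemic BYOVD mitigation. Not from the original page.
$driverName = 'BioNTdrv.sys'

# Win32_SystemDriver lists kernel drivers registered as services, so it covers
# both a legitimate Paragon install and a copy dropped by BYOVD tooling.
$hits = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName -and ($_.PathName -match [regex]::Escape($driverName)) } |
    Select-Object Name, State, StartMode, PathName

if ($hits) {
    Write-Warning "Registered kernel driver(s) matching $driverName found:"
    $hits | Format-Table -AutoSize

    foreach ($h in $hits) {
        # Normalise NT-style paths (\??\C:\... or \SystemRoot\...) to Win32 paths.
        $path = ($h.PathName -replace '^\\\?\?\\', '') -replace '^\\SystemRoot', $env:SystemRoot
        if (Test-Path -LiteralPath $path) {
            $ver = (Get-Item -LiteralPath $path).VersionInfo.FileVersion
            # A 'Valid' signature only confirms it is the genuine signed binary;
            # it says nothing about whether that version is the patched one.
            $sig = Get-AuthenticodeSignature -FilePath $path
            "{0}: version {1}, signature {2}" -f $path, $ver, $sig.Status
        }
    }
} else {
    "No registered driver named $driverName."
}

# Microsoft's Vulnerable Driver Blocklist (enforced with HVCI) is the broad
# mitigation against BYOVD; a value of 1 means the blocklist is enabled.
$ciKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config'
$flag = (Get-ItemProperty -Path $ciKey -ErrorAction SilentlyContinue).VulnerableDriverBlocklistEnable
"VulnerableDriverBlocklistEnable = $flag"
```

Compare any reported file version against Paragon's fixed release before deciding a hit is benign; a valid signature alone is exactly what makes BYOVD work.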
Read at The Register