Hackers found a way to turn off Windows Defender remotely


Most modern Windows PCs rely on Microsoft Defender as their first line of defense against malware. Over the years, it has become a capable and often underestimated antivirus that blocks a wide range of threats. But a group of hackers has found a way to abuse a legitimate Intel CPU tuning driver in a "bring your own vulnerable driver" (BYOVD) attack to completely disable Microsoft Defender.

The technique has been observed since mid-July 2025 and is already being used in active ransomware campaigns. The method does not depend on exploiting a software bug or delivering an obviously malicious file. Instead, it takes advantage of how the Windows driver system is designed to allow deep hardware access.

Let's go through everything you need to know about the attack and how you can stay safe.


The Akira ransomware group exploits a legitimate Intel CPU tuning driver in cyberattacks to completely disable Microsoft Defender on Windows systems. (Kurt "CyberGuy" Knutsson)

How Akira ransomware disables Microsoft Defender

The Akira ransomware group has developed a new way to evade security tools using a legitimate Intel CPU tuning driver called rwdrv.sys, which comes from the ThrottleStop performance-tuning tool. Security firm GuidePoint Security says that the attackers load this driver to gain kernel-level access to Windows systems, then install a second, malicious driver, hlpdrv.sys, which changes the DisableAntiSpyware registry setting through regedit.exe to shut down Microsoft Defender.

Once Defender is disabled, attackers can run other malicious programs without being detected. GuidePoint says that this method has been consistently seen in Akira campaigns since mid-July.


The Akira ransomware group has infiltrated Windows operating systems by exploiting a legitimate driver to gain access. (Kurt "CyberGuy" Knutsson)

Akira ransomware targets Microsoft Defender and SonicWall VPNs

The same group has also been linked to attacks targeting SonicWall VPN devices. SonicWall has stated that these incidents likely involve a known vulnerability, CVE-2024-40766, rather than a zero-day. The company recommends restricting VPN access, enabling multi-factor authentication and disabling unused accounts as immediate defenses.

Akira attacks often involve stealing data, setting up hidden remote access and deploying ransomware to encrypt files across an organization. Security experts warn that fake or lookalike websites are increasingly used to distribute these malicious tools.


GuidePoint researchers have published a YARA detection rule, along with file names, service names, SHA-256 hashes and file paths to help identify this activity. They recommend that administrators actively monitor for these indicators, apply filtering and blocking rules as new IOCs emerge, and only download software from official or verified sources.
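A triage check an administrator could run for the indicators this article names (the two driver file names and the DisableAntiSpyware value), as an added example that is not GuidePoint's YARA rule or IOC list. The policy key path is the standard Defender Group Policy location, and matching drivers by file name alone is an assumption that will also flag a legitimate ThrottleStop install.

```powershell
# Added example, not from GuidePoint or Microsoft. Run from an elevated prompt.
$driverNames = @('rwdrv.sys', 'hlpdrv.sys')   # file names given in the article
$policyKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'

function New-Finding($Check, $Detail) {
    [pscustomobject]@{ Check = $Check; Detail = $Detail }
}

function Get-DefenderTamperFindings {
    $findings = @()

    # 1. The policy value the article says hlpdrv.sys changes to shut Defender down.
    $policy = Get-ItemProperty -Path $policyKey -Name DisableAntiSpyware -ErrorAction SilentlyContinue
    if ($policy -and $policy.DisableAntiSpyware -eq 1) {
        $findings += New-Finding 'Registry' "DisableAntiSpyware=1 under $policyKey"
    }

    # 2. Kernel driver services whose image file is one of the named drivers.
    foreach ($drv in Get-CimInstance -ClassName Win32_SystemDriver) {
        if (-not $drv.PathName) { continue }
        $leaf = ($drv.PathName -split '[\\/]')[-1].Trim('"')
        if ($driverNames -contains $leaf) {   # -contains is case-insensitive
            $findings += New-Finding 'Driver' "$($drv.Name) [$($drv.State)] -> $($drv.PathName)"
        }
    }

    # 3. Defender's own status, in case it was switched off by another route.
    try {
        $mp = Get-MpComputerStatus -ErrorAction Stop
        if (-not $mp.AntivirusEnabled -or -not $mp.RealTimeProtectionEnabled) {
            $findings += New-Finding 'Defender' "AntivirusEnabled=$($mp.AntivirusEnabled), RealTimeProtectionEnabled=$($mp.RealTimeProtectionEnabled)"
        }
    } catch {
        $findings += New-Finding 'Defender' "Status query failed: $($_.Exception.Message)"
    }

    return $findings
}

$result = Get-DefenderTamperFindings
if ($result) { $result | Format-Table -AutoSize -Wrap }
else { 'None of the indicators named in the article were found.' }
```

A Defender finding on its own is expected on machines where a third-party antivirus has put Defender into passive mode; a driver hit on a machine where nobody installed ThrottleStop is the combination that warrants a closer look.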

We reached out to Microsoft for comment but did not receive a response before our deadline.


Antivirus software, two-factor authentication and data removal services are just some of the ways Windows users can protect themselves from hackers. (CyberGuy.com)

6 ways to protect against Akira ransomware and similar threats

The attack on Microsoft Defender is clever and dangerous, but you are not without defenses. Here are some tips to help you stay safe:

1) Use strong antivirus software

Even with regular updates, Windows systems can be left exposed if built-in defenses are disabled. Strong antivirus software with real-time protection, kernel-level monitoring and frequent updates can provide backup protection. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at CyberGuy.com.

2) Limit exposure

Many exploits depend on user interaction, such as clicking a shady link, downloading a compromised file or mounting an untrusted virtual disk. Stick to reputable websites, avoid opening unsolicited email attachments and use a browser with built-in security features (such as Microsoft Edge or Chrome with Safe Browsing enabled).

3) Avoid running unexpected commands

Never paste or run commands (such as PowerShell scripts) that you do not understand or that were copied from random websites. Attackers often trick users into unknowingly running malware this way.


4) Keep your software updated

Regularly update your operating system, browsers and all software applications. Updates often include patches for security vulnerabilities that malware can exploit.

5) Use two-factor authentication (2FA)

Enable 2FA on all your accounts. This adds an extra layer of security by requiring a second form of verification, which makes it harder for attackers to gain access even if they have your password.

6) Invest in personal data removal services

Even with strong device security, your personal information can still be exposed online through data brokers and people-search sites.

While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They are not cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It is what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of breach data being cross-referenced with information that can be found on the dark web, which makes it harder to target you.

See my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting CyberGuy.com.


Kurt's key takeaway

Akira's trick exposes a larger flaw in how Windows trusts certain tools. A driver meant for harmless CPU tuning ends up being the key to turning off security. Because it comes from a legitimate source, Windows lets it through without asking questions. We tend to think that hackers always break in from the outside. Here, they are already inside the circle of trust, using the system's own rules.

Should Microsoft do more to prevent ransomware groups from disabling Defender? Let us know at CyberGuy.com.


Copyright 2025 Cyberguy.com. All rights reserved.

Kurt "CyberGuy" Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for News & News Business starting mornings on "News & Friends". Got a tech question? Get Kurt's free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.
