GodDamn Ransomware: Latest Beast Rebrand Uses Malicious Driver to Disable Defenses
Essential information
- Published
- 09/07/2026 14:53
- Modified
- —
- Source / Author
- AlienVault
- Confidence
- 100/100
- Report type(s)
- threat-report
- Labels / Tags
- anydesk beast byovd credential harvesting defense evasion goddamn kernel driver mimikatz monster poisonx poisonx driver
- Related entities
- 20 indicators, 1 intrusion sets (apt), 19 techniques (mitre), 5 malware
Description
GodDamn ransomware represents the third iteration of ransomware developed by Hyadina, following Monster (2022) and Beast (2024). A recent attack in June 2026 demonstrates sophisticated tactics including AnyDesk for remote access, NirSoft-based credential harvesting tools, and the PoisonX kernel driver for defense evasion. PoisonX is a malicious driver signed by Microsoft that terminates security processes at the kernel level. Attackers used PsExec for lateral movement, deployed comprehensive credential theft toolkits comprising 14 different tools, and disabled endpoint defenses before encrypting files. The encrypted files were renamed with victim organization names as extensions. The four-day dwell period allowed attackers to stage payloads and conduct reconnaissance before triggering encryption across at least 10 hosts within the targeted organization.