216.73.216.86

GodDamn Ransomware: Latest Beast Rebrand Uses Malicious Driver to Disable Defenses

· Published 09/07/2026 14:53

Export JSON

Essential information

Published
09/07/2026 14:53
Modified
Source / Author
AlienVault
Confidence
100/100
Report type(s)
threat-report
Labels / Tags
anydesk beast byovd credential harvesting defense evasion goddamn kernel driver mimikatz monster poisonx poisonx driver
Related entities
20 indicators, 1 intrusion sets (apt), 19 techniques (mitre), 5 malware

Description

GodDamn ransomware represents the third iteration of ransomware developed by Hyadina, following (2022) and (2024). A recent attack in June 2026 demonstrates sophisticated tactics including for remote access, NirSoft-based tools, and the PoisonX for . PoisonX is a malicious driver signed by Microsoft that terminates security processes at the kernel level. Attackers used PsExec for lateral movement, deployed comprehensive credential theft toolkits comprising 14 different tools, and disabled endpoint defenses before encrypting files. The encrypted files were renamed with victim organization names as extensions. The four-day dwell period allowed attackers to stage payloads and conduct reconnaissance before triggering encryption across at least 10 hosts within the targeted organization.

External references