GodDamn ransomware uses signed PoisonX kernel driver
🛡️ GodDamn is a newly observed ransomware family that employs a signed PoisonX kernel driver and a Symantec‑masquerading user‑mode tool to disable endpoint protections. First spotted on May 21, 2026, Broadcom's Threat Hunter Team attributes the lineage to the Hyadina developer and links it to earlier Beast and Monster variants. Attacks used AnyDesk, PsExec, credential harvesters and lateral movement to compromise multiple hosts before deploying the encryptor.
