When the Gatekeeper Signs the Weapon: 'GodDamn' Ransomware Turns Microsoft's Own Trust System Against US Companies
A new ransomware operation dubbed 'GodDamn' is attacking US companies using a weapon that shouldn't exist: a malicious kernel driver that Microsoft itself signed as legitimate. That signature is the digital equivalent of a government seal of approval—and attackers are using it to walk past security software and shut it down before deploying ransomware. If your employer's defenses trust Microsoft's stamp (nearly all do), this attack is designed to exploit exactly that trust.
Bottom Line
THE BOTTOM LINE: The GodDamn ransomware campaign matters less for its name than for what it exploits—a malicious driver bearing Microsoft's own signature, used to execute security tools before encryption begins. This is a trust-infrastructure failure, not just another malware strain, and it's part of a recurring pattern in which attackers target the certification process itself. Companies that rely on signature-based trust as a primary defense should treat that assumption as broken until Microsoft explains how this driver got through.