An infamous ransomware group called Akira has discovered a new method to disable Microsoft Defender, the built-in antivirus software in Windows.

Instead of using a virus or malware, they are now using a legitimate CPU tuning tool called ThrottleStop. This tool is normally used to control computer performance, but Akira hackers are misusing it to disable antivirus protection silently.

They install a special driver (called rwdrv.sys) from the tool, which gives them access to important system settings. Then, they change the Windows Registry to turn off Defender without being noticed. This makes it easier for them to infect the computer with ransomware and lock files.

Security experts warn that this method is hard to detect because it uses trusted software. It shows how attackers are getting more creative and using legitimate tools for harmful purposes.
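As an added example (not from the original article or from any vendor's rule set), the sequence described above can be hunted by correlating a load of rwdrv.sys with a later write to Defender's registry configuration on the same host. The events are shaped like Sysmon event IDs 6 and 13; the sample events, the 30-minute window and the watched key paths are assumptions, since the article does not name the registry values that are changed.

```python
from datetime import datetime, timedelta

# Assumption: the article does not name the registry values, so any write under
# the well-known Defender configuration keys is treated as relevant.
DEFENDER_KEYS = (
    "hklm\\software\\policies\\microsoft\\windows defender\\",
    "hklm\\software\\microsoft\\windows defender\\",
)
DRIVER_NAME = "rwdrv.sys"        # driver named in the article
WINDOW = timedelta(minutes=30)   # assumed correlation window

# Constructed sample events shaped like Sysmon ID 6 (driver loaded)
# and ID 13 (registry value set). Hosts, paths and times are made up.
SAMPLE_EVENTS = [
    {"host": "ws-01", "time": "2025-01-10T09:00:00", "id": 6,
     "ImageLoaded": r"C:\Users\Public\rwdrv.sys"},
    {"host": "ws-01", "time": "2025-01-10T09:04:10", "id": 13,
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware",
     "Details": "DWORD (0x00000001)"},
    {"host": "ws-02", "time": "2025-01-10T09:10:00", "id": 6,
     "ImageLoaded": r"C:\Program Files\ThrottleStop\rwdrv.sys"},
    {"host": "ws-03", "time": "2025-01-10T11:00:00", "id": 13,
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows Defender\Features\TamperProtection",
     "Details": "DWORD (0x00000005)"},
]

def triage(events):
    """Return (host, severity, artifact) alerts: 'high' when a Defender key
    write follows a rwdrv.sys load on the same host within WINDOW, 'review'
    for every rwdrv.sys load (it may be a legitimate ThrottleStop install)."""
    last_load = {}  # host -> time of the most recent rwdrv.sys load
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        if ev["id"] == 6 and ev["ImageLoaded"].lower().endswith("\\" + DRIVER_NAME):
            last_load[ev["host"]] = when
            alerts.append((ev["host"], "review", ev["ImageLoaded"]))
        elif ev["id"] == 13 and ev["TargetObject"].lower().startswith(DEFENDER_KEYS):
            loaded = last_load.get(ev["host"])
            # Defender writes with no preceding driver load are left to other rules.
            if loaded is not None and when - loaded <= WINDOW:
                alerts.append((ev["host"], "high", ev["TargetObject"]))
    return alerts

if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS):
        print(alert)
```

A driver load on its own is only a review item because ThrottleStop is legitimate software; the correlation with a Defender configuration change is what raises the severity.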

To stay safe, users and businesses should:

  • Avoid installing unknown software or drivers,
  • Keep their systems updated,
  • Use advanced security tools,
  • And regularly back up important data.

Microsoft and cybersecurity teams are keeping a close eye on this new threat and recommending extra care when dealing with system tools like ThrottleStop.

