The Bottom Line: GodDamn ransomware uses the PoisonX driver to disable security solutions at kernel level and is assessed as a rebrand of Beast ransomware.
A new ransomware family named GodDamn deploys the PoisonX kernel driver to deactivate security software and thus circumvent defensive measures. Symantec’s Threat Hunter Team documents first sightings in the wild since May 21, 2026.
Cybersecurity researchers have identified the new ransomware family GodDamn, which uses the PoisonX kernel driver to neutralize security software. This is a core element of its strategy to evade endpoint detection systems.
Symantec’s Threat Hunter Team documents initial public sightings of this malware since May 21, 2026. The ransomware is classified as a rebrand of the already known Beast ransomware family. The use of a kernel driver enables the attacker to disable protections at system level before encryption routines are executed.
For CISOs, this significantly heightens the requirements for endpoint security architecture: kernel exploits and driver-based attacks require not only traditional signature-based detection, but also measures for kernel integrity and behavioral monitoring at deeper system levels. GodDamn’s ability to disable established protection tools underscores the necessity of multi-layer defenses and backup detection mechanisms that operate independently of standard disabled security software.
Source: thehackernews.com · Published July 9, 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrase and classification via Lumi News Pipeline v1.7.3.