Skip to content
July 16, 2026
  • Home
  • About us
  • Contact us
  • Newsletter
  • Privacy Policy
Political Economist

Political Economist

A liberal News reporting Politics, Sports, Business, Commentaries

  • Home
  • National News
    • Metro News
      • metro
    • Society
    • Crime and Justice
  • Special Reports
    • Investigation
    • Features
    • Interviews
  • Opinion
    • Commentaries
    • Perspectives
  • Press Releases
  • International News
  • Business & Economy
  • Politics
Watch Online
  • Home
  • National News
  • Blackbyte Ransomware Abuses Legit Driver to Disable Security Products – NCC-CSIRT
  • National News

Blackbyte Ransomware Abuses Legit Driver to Disable Security Products – NCC-CSIRT

Admin October 8, 2022
Hackers

NCC logo

October 8, 2022

The Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT) has flagged a high-impact threat to Windows operating system, the Blackbyte Ransomware, which has the capacity to bypass protections by disabling more than 1,000 drivers used by various security solutions.

In a statement by the Director Public Affairs of the Commission, Reuben Muoka on Saturday, the NCC-CSIRT said the BlackByte ransomware gang, which is using a new technique that researchers called, “Bring Your Own Vulnerable Driver,” is exploiting the security issue that allowed it to disable drivers that prevent multiple Endpoint Detection and Response (EDR) and antivirus products like Avast, Sandboxie, Windows DbgHelp Library, and Comodo Internet Security, from operating normally.

Recent attacks attributed to this group involved a version of the MSI Afterburner RTCore64.sys driver, which is vulnerable to a privilege escalation and code execution flaw tracked as CVE-2019-16098.

The “Bring Your Own Vulnerable Driver” (BYOVD) method is effective because the vulnerable drivers are signed with a valid certificate and run with high privileges on the system.

Two notable recent examples of BYOVD attacks include Lazarus, abusing a buggy Dell driver and unknown hackers abusing an anti-cheat driver/module for the Genshin Impact game.

The NCC-CSIRT advisory recommended that system administrators protect against BlackByte’s new security bypassing trick by adding the particular MSI driver to an active blocklist, monitoring all driver installation events, and scrutinising them frequently to find any rogue injections that do not have a hardware match.

The CSIRT is the telecom sector’s cyber security incidence centre set up by the NCC to focus on incidents in the telecom sector and as they may affect telecom consumers and citizens at large.

The CSIRT also works collaboratively with the Nigeria Computer Emergency Response Team (ngCERT), established by the Federal Government to reduce the volume of future computer risk incidents by preparing, protecting, and securing Nigerian cyberspace to forestall attacks, and problems or related events.

  • Facebook
  • Share on X
  • LinkedIn
  • WhatsApp
  • Email
  • Copy Link
Tags: Blackbyte ransomware BYOVD NCC-CSIRT Reuben Muoka

Post navigation

Previous Surge in Gambia child deaths linked cough syrup under control, president says
Next Flood: Anambra community cries for help as scores of persons missing in a boat mishap

Related Stories

Troops apprehend terrorist informants, logistics suppliers in Borno Troops
  • National News

Troops apprehend terrorist informants, logistics suppliers in Borno

July 16, 2026
Federal, state government projects in Imo justify fuel subsidy removal – Presidency 
  • National News

Federal, state government projects in Imo justify fuel subsidy removal – Presidency 

July 16, 2026
FG Rolls Out Reintegration Plans for 1,485 Nigerian Returnees from South Africa
  • National News

FG Rolls Out Reintegration Plans for 1,485 Nigerian Returnees from South Africa

July 16, 2026
logo

Political Economist is a liberal news magazine with global affiliations.

At Political Economist, we promote free enterprise and act as a catalyst for the growth of knowledge economy. We are proudly pan-Nigeria yet richly spiced with African and global news. We offer a fair and balanced news reportage presented by our team of well-heeled professional journalists. <

About us

  • 5 Olutosin Ajayi Street, By CPM Church, Ajao Estate, Lagos State, Nigeria
  • +234 805 680 1124
  • info@politicaleconomistng.com

Follow

Subscribe to notifications

You may have missed

CAC Set to Strike Off 100,000 Dormant Companies over Failure to File Annual Returns new forms of business
  • Business & Economy

CAC Set to Strike Off 100,000 Dormant Companies over Failure to File Annual Returns

July 16, 2026
Enugu Govt Suspends Three Traditional Rulers, Four Town Union Leaders Over Security Breaches government area
  • Metro News

Enugu Govt Suspends Three Traditional Rulers, Four Town Union Leaders Over Security Breaches

July 16, 2026
Kano Hisbah bans commercial film distribution on phones at charging centres Hisbah in Kano
  • Metro News

Kano Hisbah bans commercial film distribution on phones at charging centres

July 16, 2026
Over $12bn traded on World Cup prediction market ahead of Spain-Argentina final
  • Sports

Over $12bn traded on World Cup prediction market ahead of Spain-Argentina final

July 16, 2026
  • Home
  • About us
  • Contact us
  • Newsletter
  • Privacy Policy
Copyright © All rights reserved. | DarkNews by AF themes.