{"id":212312,"date":"2026-02-11T10:01:00","date_gmt":"2026-02-11T15:01:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/02\/11\/reynolds-ransomware-uses-byovd-to-disable-security-before-encryption\/"},"modified":"2026-02-11T11:10:14","modified_gmt":"2026-02-11T16:10:14","slug":"reynolds-ransomware-uses-byovd-to-disable-security-before-encryption","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/02\/11\/reynolds-ransomware-uses-byovd-to-disable-security-before-encryption\/","title":{"rendered":"Reynolds ransomware uses BYOVD to disable security before encryption"},"content":{"rendered":"

Reynolds ransomware uses BYOVD to disable security before encryption<\/a><\/p>\n

https:\/\/securityaffairs.com\/187869\/security\/reynolds-ransomware-uses-byovd-to-disable-security-before-encryption.html<\/a><\/p>\n

Publish Date: 2026-02-11 10:01:00<\/a><\/p>\n

Source Domain: securityaffairs.com<\/a><\/p>\n

Reynolds ransomware uses BYOVD to disable security before encryption<\/h2>\n<\/p>\n

\t\t\t\t\t\t\t Pierluigi Paganini<\/span>
\n\t\t\t\t\t\t\t\"\"\/ February 11, 2026<\/span><\/p>\n

\t\t\t\t\t\t\"\"\/<\/p>\n

Researchers discovered Reynolds ransomware, which uses BYOVD technique to disable security tools and evade detection before encryption.<\/h2>\n

Researchers found a new ransomware, named Reynolds, that implements the Bring Your Own Vulnerable Driver (BYOVD) technique to disable security tools and evade detection before encrypting systems.<\/p>\n

Broadcom\u2019s cybersecurity researchers initially attributed the attack to Black Basta due to similar tactics, but further analysis confirmed the payload was Reynolds, a new ransomware family. The campaign stands out because it embeds a bring-your-own-vulnerable-driver (BYOVD) component directly inside the ransomware. Instead of deploying a separate tool to disable security software, Reynolds bundles the vulnerable NsecSoft driver within its payload to evade detection.<\/p>\n

Bring Your Own Vulnerable Driver (BYOVD) is an attack technique where threat actors use a legitimate but flawed driver to bypass security controls.<\/p>\n

Instead of exploiting a new vulnerability, attackers install a signed, trusted driver<\/strong> that contains known security flaws. Because the driver is legitimately signed, Windows allows it to load. Once running, attackers exploit the driver\u2019s weakness to:<\/p>\n