Akira Ransomware Outsmarts Microsoft Defender—Here’s What You Can Do
October 28, 2025
Imagine your computers' defense against malware, in this case Microsoft Defender, getting turned off while you stand by recharging yourself by refilling your coffee mug. While in most cases, having hands-free ways to accomplish our daily tasks is good, in this case—not so much. But, that’s exactly what the Akira ransomware gang figured out how to do, and they are doing it.
According to security researchers, and reported by Bleeping Computer, Akira performs a sneaky two-step trick. First, they install a legitimate Intel driver offered up as a service to gain deep “kernel-level” access to your system. That’s the most generous possible level that gives them the keys to the kingdom. Once they get that, they load a malicious partner driver that flips Defender’s anti-spyware settings off by tweaking your system registry—basically telling Defender to go to sleep—even while your system looks “protected.” This is a classic Bring Your Own Vulnerable Driver (BYOVD) move. Yes, there’s an acronym for everything these days.
What happens if they pull this off?
With Defender out of the way, ransomware can wander in unhindered, encrypting your files, exfiltrating data, and causing serious damage—without raising a red flag. The attackers can do whatever they want to do.
Here’s what you can do to stay safe:
Avoid downloading software of any kind from unofficial or unverified sources. Stick to trusted sites only. On your mobile devices, this means using only the official app store for your device.
- IT teams: Watch for suspicious activity tied to those driver names, service registrations, and file paths.
- Keep Defender, Windows updates, and your security tools fully updated, regardless of what type of operating system you’re using, including those on Apple devices. Even good tools can be turned against you if they’re outdated.
Bottom line: Akira got clever—and so should you. Don’t let malware sneak in through the back door. Stay updated, stay vigilant, and keep your devices updated at all times.
SUBSCRIBE TO WEEKLY NEWSLETTER
