A zero-day vulnerability identified in a Paragon Software driver has been exploited in ransomware attacks, compromising systems at the kernel level to gain privilege escalation and potential control of the system. Even on machines where Paragon Partition Manager is not installed, the flaw, CVE-2025-0289, and other vulnerabilities in the BioNTdrv.sys driver threaten the security of Windows devices, because attackers can ship the signed driver themselves. Cybercriminals use 'bring your own vulnerable driver' (BYOVD) techniques to evade detection, which caused significant concern for users and the company alike until patches from both Paragon and Microsoft neutralized the threat. The exact nature and extent of data loss or system compromise have not been disclosed, leaving users uncertain about the safety of their data and the security of their systems.
Source: https://www.cybersecuritydive.com/news/microsoft-signed-driver-used-in-ransomware-attacks/741372/
TPRM report: https://scoringcyber.rankiteo.com/company/paragon-software
"id": "par933030325",
"linkid": "paragon-software",
"type": "Ransomware",
"date": "3/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'industry': 'Software',
'name': 'Paragon Software',
'type': 'Company'}],
'attack_vector': 'Zero-Day Vulnerability',
'description': 'A zero-day vulnerability identified in a Paragon Software '
'driver has been exploited in ransomware attacks, compromising '
'systems at the kernel level for privilege escalation and '
'potential system control. Despite the absence of Paragon '
"Partition Manager's installation, the flaw, CVE-2025-0289, "
'and other vulnerabilities within the BioNTdrv.sys driver '
'threaten the security of Windows devices. Cybercriminals '
"execute 'bring your own vulnerable driver' (BYOVD) strategies "
'to bypass detection, causing significant concern for users '
'and the company alike until patches by both Paragon and '
'Microsoft could neutralize the threat. The exact nature and '
'extent of data loss or system compromise have not been '
'disclosed, leaving users with uncertainties about the safety '
'of their data and the security of their systems.',
'impact': {'systems_affected': 'Windows devices'},
'initial_access_broker': {'entry_point': 'BYOVD strategies'},
'motivation': 'Privilege escalation and potential system control',
'post_incident_analysis': {'corrective_actions': 'Patches by both Paragon and '
'Microsoft',
'root_causes': 'Zero-day vulnerability in Paragon '
'Software driver'},
'response': {'remediation_measures': 'Patches by both Paragon and Microsoft'},
'title': 'Zero-Day Vulnerability in Paragon Software Driver Exploited in '
'Ransomware Attacks',
'type': 'Ransomware',
'vulnerability_exploited': 'CVE-2025-0289 in BioNTdrv.sys driver'}