Paragon Software
A zero-day vulnerability identified in a Paragon Software driver has been exploited in ransomware attacks, compromising systems at the kernel level for privilege escalation and potential system control. Even on systems where Paragon Partition Manager is not installed, the flaw, CVE-2025-0289, and other vulnerabilities within the BioNTdrv.sys driver threaten the security of Windows devices. Cybercriminals use 'bring your own vulnerable driver' (BYOVD) techniques to bypass detection, which caused significant concern for users and the company alike until patches from both Paragon and Microsoft could neutralize the threat. The exact nature and extent of data loss or system compromise have not been disclosed, leaving users uncertain about the safety of their data and the security of their systems.
Source: https://www.cybersecuritydive.com/news/microsoft-signed-driver-used-in-ransomware-attacks/741372/
"id": "par933030325",
"linkid": "paragon-software",
"type": "Ransomware",
"date": "3/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"