Report: Cybercriminals Circumvent Microsoft Defender to Deploy Ransomware on Computers


Windows users ought to boost their antivirus security. While Microsoft Defender provides protection against ransomware, a new report reveals that cybercriminals have found a way to evade this tool and inject ransomware into PCs.

An analysis by GuidePoint Security (via BleepingComputer) shows that attackers deploying Akira ransomware abuse a legitimate PC driver to load a second, malicious driver that disables Windows Defender, clearing the way for unauthorized actions.

The driver in question is “rwdrv.sys,” associated with Intel CPU tuning software. Cybercriminals exploit it to deploy “hlpdrv.sys,” an additional driver that bypasses Defender, permitting them to carry out their malicious operations.
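As an added defensive check, not part of the PCMag or GuidePoint write-up, the following PowerShell snippet lists any registered kernel driver whose file name matches the two names the report cites and then shows whether Defender's protections are still enabled. The driver file names come from the article; matching on name alone is an assumption (a renamed copy would not be caught), so production detection should also key on the hashes and signer details in the vendor advisory.

```powershell
# Driver file names cited in the GuidePoint report (rwdrv.sys = legitimate
# Intel CPU tuning driver, hlpdrv.sys = malicious driver that disables Defender).
$suspectDrivers = @('rwdrv.sys', 'hlpdrv.sys')

function Find-SuspectDrivers {
    # Win32_SystemDriver enumerates kernel-mode drivers registered as services,
    # including ones that are registered but not currently running.
    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object {
            $path = $_.PathName
            $path -and ($suspectDrivers | Where-Object { $path -like "*\$_" })
        } |
        Select-Object Name, State, StartMode, PathName
}

function Get-DefenderHealth {
    try {
        $s = Get-MpComputerStatus -ErrorAction Stop
        [pscustomobject]@{
            AntivirusEnabled   = $s.AntivirusEnabled
            RealTimeProtection = $s.RealTimeProtectionEnabled
            TamperProtection   = $s.IsTamperProtected
            AMServiceEnabled   = $s.AMServiceEnabled
        }
    } catch {
        # The cmdlet fails when the Defender service is stopped or removed,
        # which is itself a finding worth escalating.
        [pscustomobject]@{ Error = $_.Exception.Message }
    }
}

$hits = Find-SuspectDrivers
if ($hits) {
    Write-Warning "Driver names matching the Akira driver chain are registered on this host:"
    $hits | Format-Table -AutoSize
} else {
    Write-Output "No rwdrv.sys / hlpdrv.sys drivers registered."
}
Write-Output "Defender status:"
Get-DefenderHealth | Format-List
```

Run from an elevated PowerShell session; a registered hlpdrv.sys alongside a disabled real-time protection or tamper protection flag is the combination to treat as an incident.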

GuidePoint detected this attack strategy starting in mid-July. The vulnerability seems unaddressed, but greater awareness could diminish its impact.

In the meantime, PCMag can recommend trustworthy third-party antivirus solutions for your Windows PC. For further information on the recent Akira ransomware incidents and possible safeguards, check out GuidePoint Security.