Unauthorized Users Utilize Paragon Partition Manager Software Weakness in Ransomware Campaigns

AndyC 4 March 2025

Individuals conducting illicit activities have been taking advantage of a security flaw in Paragon Partition Manager’s BioNTdrv.sys driver during ransomware campaigns to elevate privileges and run unauthorized commands.

Individuals conducting illicit activities have been taking advantage of a security flaw in Paragon Partition Manager’s BioNTdrv.sys driver during ransomware campaigns to elevate privileges and run unauthorized commands.
The previously unknown vulnerability (CVE-2025-0289) is one of five weaknesses identified by Microsoft, as reported by the CERT Coordination Center (CERT/CC).
Such vulnerabilities encompass unauthorized mapping of kernel memory and

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts

Tags: , , , , , , , , ,

More Stories

CISA Flags Critical ASUS Live Update Flaw After Evidence of Active Exploitation

CISA Flags Critical ASUS Live Update Flaw After Evidence of Active Exploitation

AndyC 18 December 2025
Cisco Warns of Active Attacks Exploiting Unpatched 0-Day in AsyncOS Email Security Appliances

Cisco Warns of Active Attacks Exploiting Unpatched 0-Day in AsyncOS Email Security Appliances

AndyC 18 December 2025
SonicWall Fixes Actively Exploited CVE-2025-40602 in SMA 100 Appliances

SonicWall Fixes Actively Exploited CVE-2025-40602 in SMA 100 Appliances

AndyC 18 December 2025
Kimwolf Botnet Hijacks 1.8 Million Android TVs, Launches Large-Scale DDoS Attacks

Kimwolf Botnet Hijacks 1.8 Million Android TVs, Launches Large-Scale DDoS Attacks

AndyC 18 December 2025
APT28 Targets Ukrainian UKR-net Users in Long-Running Credential Phishing Campaign

APT28 Targets Ukrainian UKR-net Users in Long-Running Credential Phishing Campaign

AndyC 18 December 2025
New ForumTroll Phishing Attacks Target Russian Scholars Using Fake eLibrary Emails

New ForumTroll Phishing Attacks Target Russian Scholars Using Fake eLibrary Emails

AndyC 18 December 2025

You may have missed

Hospital Ransomware Really is The Pitt

How CISOs Can Beat the Ransomware Blame Game 

AndyC 18 December 2025
Using AI to automatically cancel customers? Not a smart move

2026 Cyber Predictions: Accelerating AI, Data Sovereignty, and Architecture Rationalization 

AndyC 18 December 2025
Smashing Security podcast #448: The Kindle that got pwned

Smashing Security podcast #448: The Kindle that got pwned

AndyC 18 December 2025
What’s Powering Enterprise AI in 2025: ThreatLabz Report Sneak Peek

Private Certificate Authority 101: From Setup to Management

AndyC 18 December 2025
CISA Flags Critical ASUS Live Update Flaw After Evidence of Active Exploitation

CISA Flags Critical ASUS Live Update Flaw After Evidence of Active Exploitation

AndyC 18 December 2025

Subscribe To InfoSec Today News

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

World Wide Crypto will use the information you provide on this form to be in touch with you and to provide updates and marketing.