Security researchers at Sophos have been investigating a pair of ransomware attacks where the attackers used legitimate, digitally signed hardware driver to delete security products from targeted computers. Once the security products were deleted from the target machines, the destructive file encryption portion of the attack was launched.