Security researchers at Sophos have been investigating a pair of ransomware attacks where the attackers used legitimate, digitally signed hardware driver to delete security products from targeted computers. Once the security products were deleted from the target machines, the destructive file encryption portion of the attack was launched.

Source: Hot Hardware – Cunning RobbinHood Ransomware Employs Gigabyte Hardware Driver To Hold Data Hostage