Hackers Use Microsoft-Signed Malicious Windows Drivers in Post-Exploitation Activity
Microsoft revoked several hardware developer accounts after hackers used drivers signed through those accounts in attacks, including ransomware incidents. Sophos revealed that Cuba ransomware operators used the BURNTCIGAR loader utility to install a malicious driver signed with Microsoft’s certificate.