BleepingComputer reports that the Medusa distributed denial-of-service botnet has reemerged with a new Mirai-based variant, which is being pegged as a malware-as-a-service for DDoS.
Ransomware functionality has been added to the new Medusa variant, which can now search all directories for various file types, particularly documents and vector design files, and encrypt them with 256-bit AES, according to a report from Cyble.
However, such a data encryption process was found to be flawed, with the botnet only serving as a data wiper that deletes all encrypted files within 24 hours. Researchers noted that the issue indicates the ongoing development of the new Medusa botnet, which gathers system information and does not steal user data prior to encryption.
The new Medusa strain also contains a brute forcer aimed at compromising Telnet services, but the final payload was discovered to have incomplete support for particular commands.
Novel Mirai-based Medusa DDoS botnet emerges