
Novel Mirai-based Medusa DDoS botnet emerges

BleepingComputer reports that the Medusa distributed denial-of-service (DDoS) botnet has reemerged with a new Mirai-based variant, which is being pegged as malware-as-a-service for DDoS. The new Medusa variant adds ransomware functionality: it can search all directories for various file types, particularly documents and vector design files, and encrypts them with 256-bit AES, according to a report from Cyble. However, the encryption process was found to be flawed, leaving the botnet to act only as a data wiper that deletes all encrypted files within 24 hours. Researchers noted that the flaw indicates the new Medusa botnet is still under development; it gathers system information and does not steal user data prior to encryption. The new Medusa strain also contains a brute forcer aimed at compromising Telnet services, but the final payload was discovered to have incomplete support for particular commands.
