Researchers from security firm Cyble have discovered an Internet of Things botnet used for, among other things, spreading ransomware. Files are deleted 24 hours after they are encrypted.
Because of a flaw in the implementation, victims receive the instructions for getting their data back, along with the amount of ransom demanded, only after that point.
The botnet in question is a variant of the well-known Mirai malware, which infects routers, IP cameras and IoT devices. DDoS attacks often follow an infection. The Mirai botnet that the researchers discovered targets Linux systems. The botnet gains access through a brute-force attack, after which the Medusa malware is executed.
Medusa collects information about the system, including username and platform. The malware can also use the infected system for DDoS attacks and brute-force attacks on other systems. Of particular note is that this is a botnet with ransomware functionality.
Mirai is malware that spreads itself by hacking into new systems and adding them to its botnet. This botnet has been active since 2016 and continuously attacks automated systems. The targets are often Internet of Things devices such as routers, security cameras, smart TVs or smart thermostats. Once a device is infected, it becomes part of the botnet.