P2PInfect botnet targets Redis servers with new ransomware module
2024-06-25 10:00

P2PInfect, originally a dormant peer-to-peer malware botnet with unclear motives, has finally come alive to deploy a ransomware module and a cryptominer in attacks on Redis servers.

P2PInfect was first documented in July 2023 by Unit 42 researchers, targeting Redis servers using known vulnerabilities.

Cado Security's subsequent examination of the malware revealed that it leveraged a Redis replication feature to spread. Between August and September 2023, P2PInfect increased its activity to thousands of breach attempts weekly while also introducing new features like cron-based persistence mechanisms, fallback communication systems, and SSH lockout.

The ransomware targets files with specific extensions related to databases, documents, and media files and appends the '.

The damage from the ransomware module is contained by its privilege level, which is limited to that of the compromised Redis user and the files accessible to them.

A peculiar characteristic of the new P2PInfect is that the miner is configured to use all the available processing power, often hampering the operation of the ransomware module.


News URL

https://www.bleepingcomputer.com/news/security/p2pinfect-botnet-targets-redis-servers-with-new-ransomware-module/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Redis 4 4 10 15 4 33