Security News > 2024 > June > P2PInfect botnet targets REdis servers with new ransomware module
P2PInfect, originally a dormant peer-to-peer malware botnet with unclear motives, has finally come alive to deploy a ransomware module and a cryptominer in attacks on Redis servers.
P2PInfect was first documented in July 2023 by Unit 42 researchers, targeting Redis servers using known vulnerabilities.
Cado Security's subsequent examination of the malware revealed that it leveraged a Redis replication feature to spread. Between August and September 2023, P2PInfect increased its activity to thousands of breach attempts weekly while also introducing new features like cron-based persistence mechanisms, fallback communication systems, and SSH lockout.
The ransomware targets files with specific extensions related to databases, documents, and media files and appends the '.
The damage from the ransomware module is contained by its privilege level, which is limited to that of the compromised Redis user and the files accessible to them.
A peculiar characteristic of the new P2PInfect is that the miner is configured to use all the available processing power, often hampering the operation of the ransomware module.
News URL
Related news
- Mirai Botnet targeting OFBiz Servers Vulnerable to Directory Traversal (source)
- FBI disrupts the Dispossessor ransomware operation, seizes servers (source)
- FBI Shuts Down Dispossessor Ransomware Group's Servers Across U.S., U.K., and Germany (source)
- Linux version of new Cicada ransomware targets VMware ESXi servers (source)
- VMware ESXi Servers Targeted by New Ransomware Variant from Cicada3301 Group (source)
- Quad7 botnet targets more SOHO and VPN routers, media servers (source)