Security News > 2025 > March > Medusa Ransomware Uses Malicious Driver to Disable Anti-Malware with Stolen Certificates

The threat actors behind the Medusa ransomware-as-a-service (RaaS) operation have been observed using a malicious driver dubbed ABYSSWORKER as part of a bring your own vulnerable driver (BYOVD) attack designed to disable anti-malware tools. Elastic Security Labs said it observed a Medusa ransomware attack that delivered the encryptor by means of a loader packed using a packer-as-a-service (PaaS

News URL

https://thehackernews.com/2025/03/medusa-ransomware-uses-malicious-driver.html