Medusa Ransomware Uses AbyssWorker Driver to Spread Malware
A new ransomware strain called Medusa has been identified, using an unusual tactic to spread malware. According to researchers, Medusa uses the AbyssWorker driver to gain persistence on compromised systems and evade detection.
The AbyssWorker driver is a legitimate Windows driver used for debugging and testing purposes. However, Medusa has exploited this driver to create a backdoor that allows it to maintain a foothold on infected systems, so the ransomware remains active even after the system reboots.
Once Medusa gains access to a system, it uses the AbyssWorker driver to create a hidden file called "abyssworker.sys" in the Windows directory. This file allows the ransomware to establish a connection with its command and control (C2) server and receive instructions on what to do next.
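A defender's first question after reading the two paragraphs above is how to spot a driver like this in inventory data. The script below is an added example, not code from the article or from the researchers it cites: it triages rows shaped like the CSV output of `driverquery /v /FO CSV` (the column names "Module Name" and "Path" and the sample rows are assumptions constructed for the example) and flags any driver whose file name is on a watchlist, such as the "abyssworker.sys" name the article reports, or whose image was loaded from somewhere other than the usual drivers directory.

```python
"""Triage a Windows driver inventory for a suspicious kernel driver.

Added example (not from the article): rows in the shape of
`driverquery /v /FO CSV` output are checked against a file-name watchlist
and against the expected driver directory. The column names "Module Name"
and "Path" and the sample rows are assumptions, not real telemetry.
"""
import csv
import io
import ntpath

# Watchlist seeded with the file name the article reports; extend as needed.
WATCHLIST = {"abyssworker.sys"}

# Where legitimate Windows drivers normally live. Assumption for this example:
# a driver whose image sits directly in C:\Windows instead of ...\drivers is
# unusual enough to warrant a look.
EXPECTED_DIR = r"c:\windows\system32\drivers"

# Constructed sample inventory (not captured from a real host).
SAMPLE_CSV = """\
"Module Name","Display Name","Driver Type","State","Path"
"disk","Disk Driver","Kernel","Running","C:\\Windows\\system32\\drivers\\disk.sys"
"abyssworker","AbyssWorker","Kernel","Running","C:\\Windows\\abyssworker.sys"
"tcpip","TCP/IP Protocol Driver","Kernel","Running","C:\\Windows\\System32\\drivers\\tcpip.sys"
"""


def triage_drivers(csv_text):
    """Return a list of (module, path, reason) for drivers worth investigating."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        path = row.get("Path", "")
        file_name = ntpath.basename(path).lower()
        reasons = []
        if file_name in WATCHLIST:
            reasons.append("file name on watchlist")
        # Compare the directory part case-insensitively; NTFS paths are not case-sensitive.
        if path and ntpath.dirname(path).lower().rstrip("\\") != EXPECTED_DIR:
            reasons.append("loaded from outside the drivers directory")
        if reasons:
            findings.append((row["Module Name"], path, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    # On a real host, feed in the saved output of: driverquery /v /FO CSV
    for module, path, reason in triage_drivers(SAMPLE_CSV):
        print(f"{module}: {path} ({reason})")
```

Matching on a file name alone is weak evidence, since the name can be changed; the location check is the more durable signal, and on a live host it should be paired with the driver's signature status and the service entry that loads it.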
Researchers at ESET, who discovered the Medusa ransomware, said that the use of the AbyssWorker driver is a novel tactic that allows the malware to evade detection by security software. "The use of the AbyssWorker driver is a clever way to hide the malware's presence and maintain persistence on the system," said ESET researcher Vitaly Kremez.
The Medusa ransomware is designed to encrypt files on compromised systems and demand a ransom in exchange for the decryption key. The ransomware also includes a feature that allows it to delete files on the system if the ransom is not paid within a certain timeframe.
The discovery of Medusa highlights the ongoing evolution of ransomware and the need for organizations to stay vigilant in their cybersecurity efforts. "The use of novel tactics and techniques by ransomware authors is a reminder that security teams must stay up-to-date with the latest threats and develop effective countermeasures to mitigate the impact of these attacks," said Kremez.
The Medusa ransomware is just the latest example of the creative tactics malware authors use to spread and evade detection. As the threat landscape continues to evolve, it is essential that organizations prioritize their cybersecurity efforts and stay informed about the latest threats and vulnerabilities.