[ALERT] This New Ransomware Strain Adds DDoS Bot Causing More Damage

Excuse my French, but Holy S#!+, some ransomware developers have created a new evil way to monetize their operations by adding a DDoS component to their malicious payloads. Security researchers from Invincea reported this a few days ago on a new malware sample they found.

Instead of "just" encrypting data files on the workstation (plus any network drive it can find) and locking the machine, this variant of the Cerber ransomware also started adding a DDoS bot that can quietly blast spoofed network traffic at various IPs. This is the first time DDoS malware is bundled within a ransomware infection.

Invincea said: "The observed network traffic looks to be flooding the subnet with UDP packets over port 6892. By spoofing the source address, the host could direct all response traffic from the subnet to a targeted host, causing the host to be unresponsive."

This means that while the victim is unable to access their endpoint, that same endpoint is being used to deny service to another victim. Two attacks for the price of one. Yikes.

Read More