
Medusa Ransomware Utilizes Malicious Driver in BYOVD Attack
Tags: Ransomware, Malware, Cybersecurity, Exploits
The threat actors behind the Medusa ransomware-as-a-service (RaaS) operation have been observed using a malicious driver named ABYSSWORKER as part of a bring-your-own-vulnerable-driver (BYOVD) attack designed to disable anti-malware tools. Elastic Security Labs reported a Medusa ransomware attack in which the encryptor was delivered by a loader packed with a packer-as-a-service (PaaS). The malicious driver is signed with stolen certificates, which is what lets it be loaded and used to bypass endpoint protections.