
Threat Intel Content Update: 3/18/25

  • March 19, 2025

Medusa Ransomware

Threat Content Highlights

Threat Profiles & Objects

  • “Trending & Emerging Threats” weekly update: Medusa Ransomware
    • Medusa is a ransomware operation, active since 2021, that has slowly but steadily claimed increasing numbers of monthly victims (totaling 300+), including in a variety of critical sectors. Medusa actors are the subject of the latest (March 12) U.S. government joint ransomware advisory. This profile features the behaviors associated with Medusa actors and those linked to key Software used by Medusa operators.

    • Simmering threats like Medusa are worth keeping on teams’ radars – they demonstrate success at perpetrating attacks over long periods even if they don’t appear at the very top of ransomware victim tallies and aren’t responsible for high-profile individual attacks (and therefore may be less likely to draw law enforcement’s attention). Groups like BianLian, Rhysida, and Cactus are similar examples that come to mind. All of these (and Medusa) have appeared numerous times in our separate “Major & Emerging Ransomware and Extortion Threats” Threat Profile, which is updated monthly – good repeated reminders of these persistent threats.

 
