Theft of 6 Million Database Records, Medusa Ransomware
Threat Content Highlights
Threat Objects
- Campaign object added following an alleged breach involving the theft of 6 million database records, including encrypted passwords and key files, from federated SSO login servers. The actor attempted to extort the alleged victims and also sought help decrypting the stolen passwords, raising concern that the credentials could be reused in a wide range of follow-on attacks.
- Important note: The Campaign object includes Technique relationships covering the original alleged server compromises as well as unconfirmed follow-on behavior. Most details derive from threat actor claims and from vendor research built on those claims, so treat them as unverified.
Threat Profiles
- A new "Ecosystem" curated Threat Profile is available by default for all clients, covering the tools and TTPs associated with Medusa Ransomware actors. We have highlighted Medusa actors several times in recent weeks, as new vendor research and government advisories surfaced new Techniques (and re-validated some previously observed ones) associated with this increasingly active ransomware operation.