Medusa: The Ransomware

 





Overview

Medusa, also known as MedusaLocker, is a ransomware discovered in 2019. It operates in a ransomware-as-a-service (RaaS) business model and goes for double extortion tactic stealing the victim's data before encryption. It mainly targets big organizations with high volumes of Personal Identifiable Information (PII), health sector, and educational sectors. Medusa generally gain access via brute-force attacks on Remote Desktop Protocol (RDP), leaked RDP credentials, or spear-phishing attacks to steal user credentials.

Understanding Medusa

Since its discovery, Medusa have seen drastic changes in its ransomware activities and extortion tactics. They have even launched their dedicated leak site in early 2023, called the Medusa Blog, where they disclose sensitive data of the victims who does not comply with their demands. 

They employ a multi-extortion strategy and offer multiple options to their victims. All the options such as time extension, data deletion, or download of all the data, contain a price tag depending upon the impacted organization.

In the multi-extortion system, Medusa ransomware includes the following points to pressurize their victims into paying the ransom-

  • Price Tag- It is the amount the impacted organization is required to pay for the removal of the data from their site. However, they are always willing to negotiate like the other ransomware threat actors.

  • Countdown- It is the total amount of time an impacted organization have before the availability of their stolen data publicly for download. 

  • Number of Visitors- The number of post visitors is used to pressurize the victims into paying the ransom. 

  • Victim Name & Description- Identifiable information for the compromised organization. 

This group also have integrated links to Telegram and X (previously Twitter) on the Medusa Blog site.

Protection Against Medusa

Following steps might help in protecting a system against such ransomware attacks:
  • Implement strong passwords.
  • Activate Multi-Factor Authentication (MFA).
  • Simple user account permissions. 
  • Clear unused and outdated user accounts.
  • System configurations to strictly follow all security procedures.
  • Always have system backup in a remote configuration.
  • Have updated cybersecurity solution in place. 

 Conclusion

Medusa ransomware has evolved rapidly since its emergence in 2019. Their operations showcases complex propagation methods, leveraging of system vulnerabilities, and avoiding detection. As such, Medusa stands strong as a significant threat to organizations demanding more proactive and practical defensive strategies. 















Comments

Popular posts from this blog

Deployment (Part 3)

Deployment (Part 1)

Project Resourcing (Part 2)