Medusa Ransomware Attacks US-Based Williams County Abstract Company
Medusa ransomware attacked another US-based target recently and posted evidence of the breach on its Telegram channel. The hackers claimed that they were now in possession of more than 50 GB of confidential data.
- The victim hasn’t commented on the attack, but a public statement may come at a later date
- It is unknown whether the victim has decided to negotiate or they’ve opted to ignore the hackers
- As the timer posted on Medusa’s channel shows, the hackers gave the company a little over a week to contact them
- Medusa is one of the most feared RaaS gangs today
Medusa is a newcomer in the ransomware sphere, after only coming public in Q4, 2022. This makes the organization a little over a year old. Despite this, Medusa has grown fast and has amassed a lot of victims during this time.
Medusa’s MO is different than that of other ransomware actors. The gang goes for a more transparent tactic, as the hackers post a lot of details regarding each operation. Their Telegram channel displays a lot of information about the ongoing breach.
This includes:
- A timer showing the date when the data leaks publicly
- How much data has been stolen
- A summary of the victim’s profile
- Several paid options like extending the timer, deleting the data, and downloading the data
In terms of actual infiltration tactics, Medusa relies on exploiting actual platforms and services as launch pads. The unsuspecting victims use these platforms like usual, not knowing that they’ve been compromised.
Once the hackers have breached the victim’s system, they will immediately encrypt the system either totally or partially. They will then download all the useful data they can get and leave behind a ransom note with details on how the victim is supposed to contact them.
Our Mission
We believe security online security matters and its our mission to make it a safer place.
Medusa’s Confusing Profile
Medusa often gets confused with another ransomware actor with a similar name – MedusaLocker. The latter emerged in 2019 and bears no connection to Medusa other than the name.
Another point of confusion comes from code similarities between Medusa and Hive, a now-defunct gang that once ranked as the most powerful in the ransomware sphere.
It’s well-established that ransomware gangs targeted by the FBI or other law enforcement agencies sometimes dissolve into other organizations. Some rebrand themselves under different names, while others break down completely.
However, they never really disappear, as their manpower, tools, code, and assets are quickly redistributed to new ransomware entities. Many have suggested that this is the case with Medusa, as well as numerous other modern ransomware gangs.
Naturally, Medusa members have denied any such similarities, even claiming that Hive’s code bore a lot of errors, which made it unfit for Medusa’s goals and MOs.
When it comes to target profile, Medusa prefers small-to-medium targets both for a quick payday and because these types of targets generate less heat from the authorities. That being said, Medusa doesn’t shy away from a challenge.
The hackers will infiltrate high-value targets if the opportunity arises and they decide the risk is minimal.