• Home
  • News
  • MEDUSA Ransomware Poisons Two More

MEDUSA Ransomware Poisons Two More

Miklos Zoltan

By Miklos Zoltan . 12 February 2024

Founder - Privacy Affairs

Alex Popa

Fact-Checked this

MEDUSA is responsible for two more attacks, one on US soil and the other in Australia. The two victims are Amoskeag Network Consulting Group LLC and Kadac Australia. Both of the victims have decades of experience behind them and great reputation.

  • Neither of those involved in the attack have come forth with any public statement regarding the event
  • MEDUSA posted evidence of the attack on its public website and gave the victims a deadline for completing the negotiations
  • It is unclear how much data MEDUSA was able to steal or how high the ransom
  • MEDUSA currently ranks as one of the most feared ransomware rings in the world

The recent attacks follow the same pattern associated with MEDUSA’s operations. The ransomware actor typically chooses far-apart targets to spread the attention thin and confuse law enforcement agencies.

It’s worth mentioning that MEDUSA is also highly adaptable and malleable, which allows it to use varying tactics and procedures to infect victims. This allows the malware actor to circumvent most defense systems, especially if they’re not up-to-date.

X showing the MEDUSA attack on the 2 victims
https://twitter.com/FalconFeedsio/status/1756932477334290636

However, despite the organization’s high aggressive and resourcefulness, it’s worth mentioning that MEDUSA is among the few reasonable ransomware actors. It may very well be the only one.

As many victims have pointed out, MEDUSA is always willing to negotiate and provide victims with several options during the talks. These include time extensions if the victim doesn’t have the demanded ransom at the ready.

Is MEDUSA The Next Big Thing?

It’s important to note that MEDUSA has been active in the ransomware industry since 2021, which says a lot about its potential to evade detection and prosecution. Regulatory agencies still haven’t penetrated MEDUSA’s shields to reveal its identity.

While MEDUSA is its own threat thanks to its rapid development and adaptability, its tactics pose the greatest growth potential. MEDUSA relies primarily on affiliates and operates globally. This allows it to hit targets across the Globe with minimal effort.

It’s this business profile that makes MEDUSA so dangerous and gives it so much potential.

While most of MEDUSA’s victims are on the American continent, the infamous ransomware actor has a global reach. Other countries that carry traces of MEDUSA’s poison include UK, Turkey, UAE, India, and many others.

When it comes to the industries of choice, MEDUSA does seem to have favorites. The manufacturing industry comes first, followed by educational institutions, professional services, financial sector, and many others.

Fortunately, MEDUSA isn’t as active as other ransomware actors and it doesn’t usually demand extreme ransoms. Experts argue that keeping the ransoms relatively low is meant to increase the likelihood of successful payment.

MEDUSA’s highest ransom dates back from March of 2023, when the group attacked the Minneapolis School district. In that case, the ransom reached $1 million, which the victim refused to pay. As a result, MEDUSA leaked the stolen data on their TOR website.

Experts warn about MEDUSA’s growth potential, given its proficient tactics, constant self-development, and the affiliate-based business model.

Our Mission

We believe security online security matters and its our mission to make it a safer place.

Leave a Comment