• Home
  • News
  • MEDUSA Ransomware Targets Two

MEDUSA Ransomware Targets Two

Miklos Zoltan

By Miklos Zoltan . 18 March 2024

Founder - Privacy Affairs

Alex Popa

Fact-Checked this

MEDUSA ransomware just announced two more victims, one in the US and one in Canada. This attack follows MEDUSA’s increasing activity trend, as the hackers have been visibly more active in 2023 than all their previous years.

  • The US victim is Desco Steel, a structural steel manufacturer, and the Canadian one is Metzger Veterinary Services
  • Neither of the two companies has commented on the event, and it’s unclear if they’ve decided to negotiate with the hackers
  • Ransomware attacks have been on the rise in 2023, and the trend appears to follow the same upward direction in 2024
  • MEDUSA is a controversial ransomware actor with uncertain beginnings and unconventional tactics

MEDUSA is a particularly scary ransomware actor because of the way it operates. The organization was first observed publicly in 2022, but there are conflicting statements about that. Some say that the hackers have been operating under this name since 2019.

What is certain is that MEDUSA spiked its activity starting with 2023, when it also started attacking high-value targets. The cybercriminal gang uses the double-extortion practice to obtain as much leverage as possible during negotiations.

X showing the MEDUSA attack on the 2 victims

This means that the victim needs to negotiate both the decryption key and the deletion of the stolen data. If not, MEDUSA will publish the data publicly, potentially causing the victim to experience significant financial and reputational damages.

The thing that makes MEDUSA so influential and intimidating is the fact that it operates as a RaaS (ransomware-as-a-service) organization. This allows MEDUSA greater reach and impact for minimal extra costs.

MEDUSA hackers are also known to demand ridiculous ransoms and exhibit tough negotiation tactics. These facts alone turn MEDUSA into one of the scariest ransomware gangs in the cybercriminal sphere.

Our Mission

We believe security online security matters and its our mission to make it a safer place.


There’s a lot of debate surrounding MEDUSA’s actual identity because different experts claim different things. The main point of confusion here is that MEDUSA often gets conflicted with MedusaLocker, which started operating in 2019.

Whereas MEDUSA only came public in Q4 of 2022. Apparently, the two are unrelated, aside from the name. They also both operate as RaaS platforms, which allows them greater reach and lowers financial expenses.

Despite being relatively new, MEDUSA took off fast, starting in 2023. The organization recruited affiliates, improved its tactics, and ramped up its activity slowly throughout the year.

The hackers made an impact relatively fast thanks to their aggressive and sophisticated tactics and smart approach to negotiations. Unlike other ransomware actors that allow greed to guide their actions, MEDUSA is more tactical.

MEDUSA hackers are known to demand relatively low ransoms compared to their victims’ revenue. In one such case, a French company had a revenue of around $250 million, yet MEDUSA’s ransom was $500,000. This is low by the industry’s standards.

Some reports have even revealed that MEDUSA hackers are willing to actually negotiate and even decrease the value of the ransom in some cases. This shows that the organization is overall more tactical.

The hackers can accept some compromises, so long as these translate into successful ransom payments.

Leave a Comment